Do you know what happens if you reach the limit of, for instance, 100 Mbps compression? I know that if you reach the bandwidth limit ACE will drop packets, but if you configure compression, what happens if you have 110 Mbps?
I supposed that ACE will compress 100 Mbps and leave 10 Mbps without compression, but I don't find this information anywhere.
I am configuring a GSS to check a Web server that responds to https requests. I put 443 as the port but I don't see replies from the server and the Answer Status is always offline. Other servers using http on port 80 are showing OK. The appliance is a GSS-4492-k9 Version 3.1(0).
I have a 4710 appliance (one armed) and I am load balancing with two webservers. In the URL, there are links that need to be redirected to https:
[URL]
I am using the
rserver redirect REDIRECT-TO-HTTPS[URL]
The https is working but I have a problem. When I access the Main link "first" it is redirected to https to the Main link. But if I access one of the Sublinks directly (without having to click on the main link first) the page is redirected to https but to the Main Link. I have to click the Sublink again in order to get the page. How can I redirect to https and stay on the same page? What might be the general link in the webserver-redirection?
We want to mask part of the path prefix to hide development content. For example, the site(s) are: [URL] However we don't want anything with acme showing... so we would want the loadbalanced url to be: [URL] ...for requests and responses. I think this would be an http re-write request/response scenario? Is it possible to configure this on the ACE device? We've got the load balance configuration down... not sure how to do this re-write type scenario?
We have an issue in .css compression on IE6. Hence we excluded .css from compression but still it is being compressed and the page is not getting displayed correctly. In addition I have also applied acceleration policy.
Is there any reason why .css is not matched on the exclusion class map and is getting compressed? Is optimization policy related to this issue?
I have been given a task to create 2 checks using SNMP for Nagios. I am googling left, right and center to maybe try and find the appropriate OIDs that I can pass to this Nagios check for both SSL throughput as well as compression throughput.
I have a number of web sites that are currently being load balanced by CSS 11503s running 8x code. I was recently requested to configure HTTP --> HTTPS redirects on the CSS for every site. In the past, I have only configured the redirects for sites that had a requirement. Now it appears that the server teams want all content encrypted.
1) What impact will this have on the CPU?
2) What impact will this have on Memory utilization?
3) Is there a maximum number of redirects?
4) Are there other things I should be concerned about?
Is it possible to construct the L7 HTTP class-map expression to match all URLs except one? I have 1 correct url, for example: /correcturl.* and want to redirect requests to all other possible URLs to this one, without the need to list them all in "positive match" statements.
I have an ACE version A5.2 configured in one-armed leg (doing source nat). I have a requirement to add (or copy) the "referer" header value from the original request to the request sent by ACE.
I cannot figure out how to copy this value. It is easy to add the source IP address by adding: insert-http x-forwarded-for header-value "%is".
So how am I going to copy the Referer header?
#Referer #Address (URI) of the resource from which the URI in the request was obtained
For a CSS with an SSL module (performing SSL termination) - is it possible to implement a redirect on https URL to send to equivalent http URL? If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule? [code] The CSS would instead rely on a http content rule to implement a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url... traffic that is going to cause a loop when a client goes direct to. url... I realise the requirement is uncommon / a bit convoluted, it's one of those don't ask type scenarios - aimed at achieving a specific requirement. Would the ACE 4710 be able to handle such a scenario any differently?
I am trying to make a redirect from http to https. The goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71. I am just having some trouble making it work.
How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.
I need to configure a keepalive that checks a URL on a server (http on port 9500, not on port 80) and checks port 443 on the same server. If any of them does not respond, the service should go down.
We had a PCI security audit of an existing VIP on our ACE 4710. The VIP is set up as HTTPS terminating on the ACE with a http redirect for all 80 traffic. The audit reported this VIP was vulnerable to the Cisco "IOS HTTP Authorization Vulnerability". Which basically states, http Management is on this IOS device. It does not make any sense, as the VIP is pointed to a pair of IIS servers?
I have a requirement to load balance OWA 2010 inbound connectivity to 2 CAS servers using an ACE 4710 with sticky sessions enabled.
The CAS servers are currently responding on 80 or 443 at this moment in time. Eventually I want to offload the SSL to the ACE 4710; it's currently running on the CAS servers. I need to enable sticky sessions to keep the session to the same CAS server for each internet based connection. I also have a proxy enabled for inbound connectivity so I cannot use source IP.
Here is my configuration but it doesn't seem to be working. I am currently testing with port 80 connections, not SSL.
I'm trying to troubleshoot a wireless network at an Inn which is shared among three buildings. The internet at the main building works fine.
However there is a WDS set up for the other two houses that are part of the property. The network is a bit of a mess IMO. The main problem is that routers on the end of the WDS chain work for awhile after booting, but frequently stop issuing IPs. When a device tries to connect it says unable to configure IP or something like that. Rebooting the router always fixes the problem.
My networking knowledge is very limited but I think some settings must be incorrect. I will try to describe the setup here.
All of the following routers are WRT54Gs with DDWRT:
Main router: 192.168.1.1 [different SSID than WDS], all routers forward DHCP to this router
WDS router 192.168.1.3 at main building is connected to a cantenna that shoots the signal over to 1st house. Gateway & Local DNS set to 192.168.1.1
WDS router 192.168.1.4 at that house is the main AP for that house and gets its signal from 1.3's cantenna. Gateway & Local DNS set to 192.168.1.3
WDS router 192.168.1.5 under the deck at the 1st house picks up that signal from 1.4 and uses a cantenna to send it to the 2nd house. Gateway & Local DNS set to 192.168.1.4
WDS router 192.167.1.6 under the deck of the 2nd house gets the signal from 1.5's cantenna. Gateway & Local DNS set to 192.168.1.5
The IP configuration problems happen at the 2nd house with 192.168.1.6. I believe 1.5 also has IP configuration problems but that router is not used other than to transmit to 1.6. Again rebooting the router fixes the issues temporarily. It works for a couple days up to a couple weeks before the IP problems start.
Mac addresses for the WDS are set of course. I have been trying to experiment with settings for awhile, but do not really know what I am doing. I am not the one who set this up.
Also under the Advanced Routing tab, here are the Static Routing settings:
192.168.1.3: Destination LAN NET: 192.168.1.0, Gateway: 192.168.1.1
192.168.1.4: Destination LAN NET: 192.168.1.3, Gateway: 192.168.1.1
192.168.1.5: Destination LAN NET: 192.168.1.4, Gateway: 192.168.1.3
192.168.1.6: Destination LAN NET: 192.168.1.5, Gateway: 192.168.1.4
Update: looks like STP should be enabled for WDS? Going to try enabling that I guess.
We are using an ACE 4710 with A3(2.6) software release. I had to change our sticky load balancing method for HTTPS to cookie based. However, while connections appear to work, if I look at the show sticky database table I can not see or confirm sticky entries for the cookie based connections. Here are config snippets to show the config
I recently "inherited" a CSS 11503 - I've only used ACEs before - and I want to get HTTP keepalives working. To start, I created a test service:
lb-1# show run service sunbird-http-7025-test
!************************** SERVICE **************************
service sunbird-http-7025-test
  port 7025
  ip address 141.211.229.168
We are migrating from ACE 20 module to an ACE 4710 appliance. [code] When pasting in the config on the ACE 4710 running A4(2.1) code, I get the subject error message when trying to enter in the highlighted sticky-serverfarm command above. Again, this config works on the older hardware and older code.
Can the ACE appliance behave as a reverse proxy for http and ssl traffic? I would assume it can given how it does SLB but SLB is not a requirement at this time.
I am wondering if there is a method to redirect particular URLs to individual real servers in a server farm. Scenario: We have a url which is set up on our ACE4710s (A3 2.4) to load balance to a particular server farm as per standard setup, i.e. customers access [URL] on an external VIP, this is then load balanced to a server farm "SF_WEBSITE" consisting of 2 real servers "Server_A" and "Server_B". Nothing difficult in this setup. However, I have been asked if it is possible to redirect certain urls to individual servers within the server farm "SF_WEBSITE": e.g.
Action 1 - Customers access [URL] is redirected to "Server_A" only
Action 2 - Customers access [URL] is redirected to "Server_B" only
Default Action - Customer access [URL] anything else is redirected to server farm "SF_WEBSITE" and is load balanced between "Server_A" and "Server_B"
The Standard Class Maps and Policy would be something like:
policy-map type loadbalance first-match SLB_WEBSITE
  class class-default
    serverfarm SF_WEBSITE
Where I thought I would need something like:
class-map type http loadbalance match-all CMAP_AREA1
  description CMAP used to capture specific URL for area 1
  2 match http url /area1
class-map type http loadbalance match-all CMAP_AREA2
  description CMAP used to capture specific URL for area 2
  2 match http url /area2
[code]...
I think the above method is ok for 1 instance, but if it tests successfully, my company would want to roll this out across dozens of server farm configurations each consisting of numerous real servers, which will make the administration and implementation time overheads massive, not to mention complicating and lengthening the configuration.
After replacing a Cisco CSS/SSL Accelerator and PIX firewall with an ACE 4710 to do load balancing and SSL encryption behind an ASA firewall we started seeing mangled HTTP requests in the Apache access logs for the servers in the server farm. This is occurring for several different URLs and not just the one above and for multiple web browsers. The ACE load balances to servers running Tomcat 7 with Apache HTTP server v. 2.2.14. A recent ACE software upgrade to A5(2.1) has not fixed the problem.
I want to deploy a high availability solution for web servers in two data centers. In the primary data center I have deployed a group of web servers and I want to deploy additional servers in a secondary data center for disaster recovery and high availability. Reviewing the documentation, it looks like the GSS4492 is the solution for my company's needs but I am not sure if I have to implement just the GSS or if I need an ACE4700 integrated with the GSS.
I am familiar with how a proxy works. The client sends a request to the proxy server and the proxy server makes the connection on behalf of the client to the web page. My question is how does this work with HTTP and end to end encryption? I know that at a company the IT staff can install certs on the computers that link to the proxy thus breaking the end to end encryption and allowing the company to see what data is being sent. I however cannot find out or think of how else to proxy an HTTPS connection other than installing certs on the clients that allows the proxy to see the data. If the proxy makes the https request on behalf of the client via one session, the https session would terminate on the proxy and the proxy would have to create a subsequent https connection to the client. This would break the end to end encryption and the client should pick up on this unless the certs on the client have been changed.
The below is the display that I get on the screen when I boot the device. There are two errors: one is when the daughter card is found and the device gives us login access, after which it reboots. The second is stated below (this is a screen copy of the error)
INIT: version 2.85 booting
/mnt/cf/TN-CONFIG on /TN-CONFIG type ext3 (rw,sync,loop=/dev/loop0)
/mnt/cf/TN-CERTKEY-STORAGE on /TN-CERTKEY-STORAGE type ext3 (rw,sync,loop=/dev/loop1)
/mnt/cf/TN-LOGFILE on /TN-LOGFILE type ext3 (rw,sync,loop=/dev/loop2)
/mnt/cf/TN-HOME on /TN-HOME type ext3 (rw,sync,loop=/dev/loop3)
/mnt/cf/TN-COREFILE on /TN-COREFILE type ext3 (rw,sync,loop=/dev/loop4)
insmod: error inserting [Code]...
I know that CSRs cannot be generated with multiple names, but if the SAN is added after the cert is ordered from GeoTrust, VeriSign, etc., can the CSS support using the cert?
I'm working on a small scale Cisco WAAS deployment. I want to know if it's possible to use the entry level Cisco WAVE-294-K9 as Central Manager. Also about licensing, does this appliance model come with the enterprise level license?