Redirecting HTTP traffic based on host-header (or URL request)

Discussion in 'Cisco' started by Tim Mavers, Apr 1, 2004.

  1. Tim Mavers

    Tim Mavers Guest

    I have been asked to see if I can have our Pix firewall route incoming web
    requests (on port 80) to different machines based on the requesting URL. I
    am not intimately familar with all the network layers, but it sounds like
    the Pix would have to be aware of the HTTP traffic and not just the IP
    traffic. Currently, our Pix routes all incoming traffic on port 80 to an
    internal machine inside our LAN (regardless of what url was typed, if DNS
    resolves it to the external interface, it gets routed to box 10.10.5.2.

    What I would like to do is to (and I have no idea if this functionality
    exists within the Pix), but add some sort of filter exception (conceptual
    terms here), where if requests come in on say: xxx.mycompany.com they get
    routed to a different machine. Any other requests continue to go to our
    main web server.

    Our main web server btw is Apache 2.0 and I looked through the docs briefly
    and know there are ways of redirecting within the same machine using
    host-headers. In other words, all requests continue to go to a single web
    server, who then determines where it should go (not sure if it can redirect
    to another machine, but I know it can redirect to other pages on the same
    machine--creating a virtual host environment).

    The problem is this second machine I need to redirect to is running IIS
    under Windows. Furthermore, if I were able to configure apache to redirect
    requests based on URL request, would there be other issues such as cookies,
    session state (the IIS site uses ASP.NET).

    These unknowns has got me looking back at the Pix again, if I could route
    traffic before it hits any web server, I think that would be a much cleaner
    solution. The question is, does Pix support this, and if so, how would I
    configure it?

    Thanks,
    Tim Mavers, Apr 1, 2004
    #1
    1. Advertising

  2. Tim Mavers

    PJML Guest

    Tim Mavers wrote:
    > I have been asked to see if I can have our Pix firewall route incoming web
    > requests (on port 80) to different machines based on the requesting URL. I
    > am not intimately familar with all the network layers, but it sounds like
    > the Pix would have to be aware of the HTTP traffic and not just the IP
    > traffic. Currently, our Pix routes all incoming traffic on port 80 to an
    > internal machine inside our LAN (regardless of what url was typed, if DNS
    > resolves it to the external interface, it gets routed to box 10.10.5.2.



    For this I would recommend something like one of the
    115xx-series Content Server Switches.

    http://www.cisco.com/en/US/products/hw/contnetw/ps792/index.html

    They're layer 4-7 aware and can do the sorts of things
    you want, with load-balancing and failover so you can
    automatically redirect to a different server if your
    primary one stops responding. I've been running a
    couple of 11503s for some time and think they're great!
    PJML, Apr 1, 2004
    #2
    1. Advertising

  3. In article <>,
    Tim Mavers <> wrote:
    :I have been asked to see if I can have our Pix firewall route incoming web
    :requests (on port 80) to different machines based on the requesting URL.

    We answered this just a couple of weeks ago.

    The answer is NO. And there are no rumours about it being supported
    in 7.0.

    --
    Whose posting was this .signature Google'd from?
    Walter Roberson, Apr 1, 2004
    #3
  4. Tim Mavers

    Chad Mahoney Guest

    -cnrc.gc.ca (Walter Roberson) wrote in message news:<c4hge0$afq$>...
    > In article <>,
    > Tim Mavers <> wrote:
    > :I have been asked to see if I can have our Pix firewall route incoming web
    > :requests (on port 80) to different machines based on the requesting URL.
    >
    > We answered this just a couple of weeks ago.
    >
    > The answer is NO. And there are no rumours about it being supported
    > in 7.0.


    Hi,

    the PIX can not do this **but** DNS sure can. Although you may need to
    use more IP address than wanted.


    hth,

    Chad
    Chad Mahoney, Apr 13, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. CybrSage

    Redirecting all WWW traffic

    CybrSage, Jul 18, 2003, in forum: Cisco
    Replies:
    7
    Views:
    1,741
    CybrSage
    Jul 19, 2003
  2. dmcknigh

    Redirecting a HTTP POST with CSS

    dmcknigh, Oct 18, 2003, in forum: Cisco
    Replies:
    0
    Views:
    420
    dmcknigh
    Oct 18, 2003
  3. jlatulip
    Replies:
    4
    Views:
    1,022
    Salvatore
    May 13, 2006
  4. Replies:
    7
    Views:
    6,990
    Mysticmoose06
    Mar 30, 2007
  5. milan_9211

    HTTP SOAP/HTTP GET/HTTP POST

    milan_9211, Jan 10, 2011, in forum: Software
    Replies:
    0
    Views:
    3,052
    milan_9211
    Jan 10, 2011
Loading...

Share This Page