Redirecting HTTP traffic based on host-header (or URL request)

Discussion in 'Cisco' started by Tim Mavers, Apr 1, 2004.

    Tim Mavers Guest

    I have been asked to see if I can have our Pix firewall route incoming web
    requests (on port 80) to different machines based on the requesting URL. I
    am not intimately familiar with all the network layers, but it sounds like
    the Pix would have to be aware of the HTTP traffic and not just the IP
    traffic. Currently, our Pix routes all incoming traffic on port 80 to an
    internal machine inside our LAN (regardless of what url was typed, if DNS
    resolves it to the external interface, it gets routed to box

    What I would like to do (and I have no idea if this functionality
    exists within the Pix) is add some sort of filter exception (conceptual
    terms here), where if requests come in on say: they get
    routed to a different machine. Any other requests continue to go to our
    main web server.

    Our main web server btw is Apache 2.0 and I looked through the docs briefly
    and know there are ways of redirecting within the same machine using
    host-headers. In other words, all requests continue to go to a single web
    server, who then determines where it should go (not sure if it can redirect
    to another machine, but I know it can redirect to other pages on the same
    machine--creating a virtual host environment).

    The problem is this second machine I need to redirect to is running IIS
    under Windows. Furthermore, if I were able to configure apache to redirect
    requests based on URL request, would there be other issues such as cookies,
    session state (the IIS site uses ASP.NET).

    These unknowns have got me looking back at the Pix again, if I could route
    traffic before it hits any web server, I think that would be a much cleaner
    solution. The question is, does Pix support this, and if so, how would I
    configure it?

    Tim Mavers, Apr 1, 2004

    PJML Guest

    For this I would recommend something like one of the
    115xx-series Content Server Switches.

    They're layer 4-7 aware and can do the sorts of things
    you want, with load-balancing and failover so you can
    automatically redirect to a different server if your
    primary one stops responding. I've been running a
    couple of 11503s for some time and think they're great!
    PJML, Apr 1, 2004
    :I have been asked to see if I can have our Pix firewall route incoming web
    :requests (on port 80) to different machines based on the requesting URL.

    We answered this just a couple of weeks ago.

    The answer is NO. And there are no rumours about it being supported
    in 7.0.
    Walter Roberson, Apr 1, 2004

    Chad Mahoney Guest


    The PIX cannot do this **but** DNS sure can, although you may need to
    use more IP addresses than wanted.


    Chad Mahoney, Apr 13, 2004
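
The Apache-side option raised in the opening post (name-based virtual hosts, with one hostname forwarded to the IIS machine) can be done with mod_proxy as a reverse proxy. This is an added example, not part of the original thread; the hostnames, document root and the internal address 10.0.0.20 are placeholders, and the syntax assumes Apache 2.0 with mod_proxy and mod_proxy_http loaded.

```apache
# Constructed example: hostnames, paths and addresses are placeholders.

# Reverse proxy only. With ProxyRequests Off the server never acts as a
# forward (open) proxy; only the ProxyPass mappings below are honoured.
ProxyRequests Off

NameVirtualHost *:80

# The first vhost is the default. Requests with an unknown or missing
# Host header land here on the main site and are never proxied.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/main
</VirtualHost>

# Requests whose Host header is app.example.com go to the IIS machine.
<VirtualHost *:80>
    ServerName app.example.com

    # Pass the client's Host header through unchanged, so IIS/ASP.NET
    # matches its own host-header binding and builds links, redirects
    # and cookies for the public name (available since Apache 2.0.31).
    ProxyPreserveHost On

    # Mapping / to / keeps URL paths identical on both sides, so the
    # cookie paths used for ASP.NET session state stay valid.
    ProxyPass        / http://10.0.0.20/

    # Rewrite Location headers in backend redirects that name the
    # internal address, so clients are never sent to 10.0.0.20.
    ProxyPassReverse / http://10.0.0.20/

    # Access control for the proxied space (Apache 2.0/2.2 syntax).
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>
```

With this layout the PIX keeps forwarding port 80 to the Apache machine only, and the IIS machine needs no inbound rule from outside. IIS will log the Apache host as the client address; mod_proxy passes the original client in the X-Forwarded-For request header.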
