Content rule Content CSS 11 500 question

I have the following question, the port number in a content rule is this the port to witch the content switch forwards or to witch he listens on.
Suppose i have an url
when i receive this on the content switch i want to redirect it to the backend on port 8080. How can i do this.

Your content rule is what we call a Layer 5 Content Rule since it has a HTTP URL field in its matching criteria.
This means the CSS will be listening for traffic that is heading towards VIP Address on port 40918 AND that it matches a certain URL. This URL in your case is "//*".
When traffic is initiated to VIP, the CSS will use Layer 5 information such as the URL included in the client requests to match the traffic to this content rule.
When you use a browser to access this desired page, your DNS will probably return for, telling your browser to make a request to VIP and URL "//*".
Please take a look at this link for more information.
Hope it helps.

Similar Messages

  • One Arm config Domain Name Content rule

    Hi Guys
    How does domain name content rule works in one arm config.
    What do we put in source groups as VIP address.
    Does it need host headers in WebServer as a requirement.
    How does the client request gets completed.
    Any help much appriciated..

    Thanks for your reply Jim,
    This is what I am trying to do in a One arm config topology
    ( As the CSS guide ( cntntgd.pdf ) says under Configuring a Domain Name content rule)
    The CSS allows you to use a domain name in place of, or in conjunction with, a
    VIP address in a content rule. Using a domain name in a content rule enables you
    Enable service provisioning to be independent of IP-to-domain namemappings
    Provision cache bandwidth as needed based on domain names
    So I am trying to create a content rule with a domain name instead of VIP address. For ex.
    content domainRule3
    protocol tcp
    port 80
    url "//*"
    add service Serv1
    group servers
    add destination service Serv1
    VIP address  ???????? ( what shd we put in here )
    In this case what do we put as VIP address in source groups and how does the traffic flows from Client to actual Server in One arm topology. I am trying this topology where we have multiple sites configured with the same IP address with host headers
    My assumption is that I shd configure DNS servers with VIP address for and use that as VIP address in source group. But how does the actual traffic flows from client to servers
    Many thanks.

  • SharePoint w/ OneDrive Integration - Content Rules Question

    I have set up and configured SharePoint 2013's "Content Rules". I have also tested it, and it is functioning properly. However, I am having an issue (obviously!).
    If I am in the web interface of SharePoint 2013, logged into my site, and I upload a file using the "Upload" button, the file is uploaded and sorted 100% perfectly.
    If I use OneDrive, however, (mind you, the Drop-off library IS sync'd and that is where I am uploading the docs) the file shows up in the Drop-off library and just "sits there". The Content rules are never applied or ran. 
    If I can get some assistance or recommendations, I would greatly appreciate it!
    Thank you

    Hi anitsirK06,
    Based on my tests, using "Upload one document" dialog of "Drop Off Library" directly to upload one document will trigger the router rule immediately.
    When I sync the document from OneDrive to "Drop Off Library", it will trigger the router rule only when I run the timer job "Content Organizer Processing" for this particular web applicaiton, so you can set the proper schedule interval for this
    particular web application timer job for solving this issue.
    Daniel Yang
    TechNet Community Support

  • Port 443 content rule, can the CSS see inside the cookie ?

    Hi Gilles/everyone,
    With a content rule using port 443, can we use cookie based stickiness or is the cookie also encrpyted ?

    also encrypted.
    No way to see it without an SSL module to decrypt.

  • Using a content rule for port translation.

    If I set up a content rule to grab traffic on a VIP on port 81, can I then send it to a server that is configured for port 80 ?

    If I receive a udp packet with the sourse port 123. Can CSS forward this packet to the Server, but replace sourse port to something greater than 1023 ???
    As I know CSS doesn't NAT for udp ports less than 1023.

  • I am not able to telnet my content rule VIP address

    I am not able to telnet my content rule VIP address and port number. But I am able to direct to telnet to service servers, which are added into the content rule set. Can anyone tell me why. I have update the latest WEBOS 5.00 Build 69. The content switch model is 11050. thank you very much .

    Is possible one armed and in line in the same content switch ?
    Currently I have some content rule are using one armed solution, there is only one rule I need to make the server see the original IP. I guess my question is , can I have this rule use in -line solution only, so I will not have to impact other rules set.
    The other question since this content rule's service sever have only one interface only, Can I have this in-line solution go in the content switch and come out content switch in the same server farm switch ? Thank you for all the help.

  • LD416 (Ver4.2.5) specification content-rule

    I have localdirector 416 with 4.2.5.
    How to define the rules for content load balancing
    with https.
    First of all, on specification Is it impossible?
    As the following
    content-rule rule01 depth 1024 "/aaa/"
    content-rule rule02 depth 1024 "/bbb/"
    virtual is
    virtual is
    virtual is
    sticky 10 ssl

    I found the following comments about CSS.
    All traffic is encrypted to avoid people to look at it.
    So, the CSS does not see and has no way to see the URL.
    Does this correspond to Local Director ?

  • Content rules issue - request directed to the wrong content

    We have the following setup;
    Requests to goes to the content rule LB_FD_87. Request to* goes to the more specific content rule FD/WATER_LB_87. Sometimes, for unexplicable reasons, requests for* are sent to the content rule LB_FD_87 instead of the more specific rule FD/WATER_LB_87 and the client get a 404 error. Anyone have a clue?
    our setup:
    dql FD_87
    domain index 1
    owner FD
    content LB_FD_87
    add service W0_FD_3.71
    add service W1_FD_3.81
    protocol tcp
    vip address XXX.XXX.29.87
    port 80
    balance leastconn
    advanced-balance arrowpoint-cookie
    owner FD_nonbalance
    content FD/WATER_LB_87
    vip address XXX.XXX.29.87
    add service W3_GL_3.160
    protocol tcp
    port 80
    url "/water*" dql FD_87
    Thanks for your help

    Hi Gilles,
    I don't understand your sugestion .
    I don't think increasing the flow timeout will help since according to CISCO documentation that will only permit to the flow to stay idle longer.
    CISCO DOC: "Configuring Flow Inactivity Timeouts on Content Rules and Source Groups
    Use this feature with a CSS to configure flow inactivity timeout values for TCP and UDP flows on a per content rule and per source group basis. This timeout value is not the frequency with which a CSS reclaims flow resources, but is the time period that must elapse for an idle flow before the CSS marks the flow for cleanup. "
    And I am not sure of what you mean by "the CSS it will stop looking into the content to detect if a remapping to a better rule is required" I think you mean that the CSS will look for a another content rule if a content rule does not repond to a request. But our understanding is that a CSS look for the more specific content rule to serve a request and if all the service of that content rule are dead the pacquet is drop not send to a another content rule.
    We did test that with spefic and less specific content rule and if the more specific content rule as all is services dead the packet is drop not send to the least specific content rule.
    thanks for your interest in our problem
    We cannot reproduce this problem but still find the line sporadically in the web server log .

  • CS-150-LAN extra content rule disables all access to website

    We have a CS-150-LAN Content switch with software version 6.10Build203. Yesterday for no apparent reason we lost connectivity to our website through our CSS. To get around this issue we removed all content rules except for the "everything-else" rule.
    content AIC
    add service acmi-web3
    url "//*"
    protocol tcp
    port 80
    vip address
    content everything-else
    add service acmi-web1
    vip address
    protocol tcp
    port 80
    content everything
    add service acmi-web3
    vip address
    protocol tcp
    port 80
    What is happening now is that when l create an addional content rule it then times out all connections to our website If l suspend the additional rule "AIC" the website comes back online. We need these additional content rules for accessing subsites. Please help.

    Here are the sho service summary and show summmary outputs
    Owner Content Rules State Services Service Hits AIC Suspended acmi-web3 6
    everything-else Active acmi-web1 243
    acmi-web2 340 everything Active acmi-web3 23
    sec-css-11150# sh service summary
    Service Name State Conn Weight Avg State Idx
    Load Transitions
    acmi-web1 Alive 2 1 2 2 2
    acmi-web2 Alive 9 1 23 2 3
    acmi-web3 Alive 1 1 17 2 4
    The content rule AIC is suspended because if l activate it, it then makes the website unreachable and timesout.
    This config was working from day one with the AIC content rule and about another 9 content rules under the owner
    If l add the url "/*" command to the content rule "everything-else this also hangs the site

  • Content Rule-Based DNS

    We have configured the CSS for content rule-based DNS operation for GSLB. The CSS are installed behind a firewall. CSS are configured with private addresses for the services and the VIP. This VIP is translated at the firewall for external access.
    In this scenarion, when the CSS receives a DNS query it returns the VIP (private address) and hence the clients can't reach. How can I change it to retun the public address to the user.

    you can configure the CSS to return the public ip address.
    But internal users that may require to use the private ip address will also receive the public ip address.
    To configure the CSS, you need to use dns a-record and therefore use dns zone-based solution instead of rule-based.

  • Sticky sessions across multiple content rules

    If a client PC initiates two requests which match different content rules on a CSS (first request http port 80 to CSS VIP downloads a small application. This application then sends a second request to the VIP, on tcp port 8085) can sticky rules be configured on the CSS content rules, so that they hit the same destination server, given that both content rules contain the same services, and hence be considered part of the same session?

    there is no sitcky accros content rules option on the CSS.
    But there are solutions to this problem.
    First, are you doing anything special with your HTTP content rule ? Like cookies or url inspection ?
    If not, you can group the 2 content rules into a single one. You will have 1 Layer3 rule instead of 2 Layer 4 rules.
    If you have L5-7 rules [http inspection], the previous solution is not possible.
    You will need to maintain 2 rules.
    You could then use a 'balance srcip' balancing method on both rules.
    This algorithm is deterministic.
    The same client will always go to the same server.
    Hope this helps.
    Thanks for rating.

  • Layer 5 port 80 content rule breaks realaudio.

    I have some layer 5 content rules we are using to filter virus's:
    content block_.ida
    protocol tcp
    port 80
    url "/*"
    header-field-rule .ida weight 0
    add service drop
    header-field-group .ida
    header-field .ida request-line contain ".ida"
    This does a great job of filtering what we want, however realaudio which uses port 80 fails. If I disable the content rule the realaudio traffic works.
    Any ideas?

    Thanks for the response. We only have the one real audio stream. I have not seen and reference to .ida within the stream.
    Is there anyway to create a content rule stating that all realvideo traffic on port 80 go directly to the original destination with no further processing by the CSS?

  • Use of content rule vs source group for NATing

    To NAT outgoing flows out of two servers, is it necessary to define a content rule and source group (or is just a source group sufficient?).
    Having trouble with Option 2.
    Option 1:
    service svr1
    ip address
    no port
    protocol tcp
    Also does CSS do NAPT i.e. alter the source port number for outgoing packets from source groups?
    service svr2
    ip address
    no port
    protocol tcp
    content outflows
    protocol tcp
    add service svr1
    add service svr2
    vip address <externalip>
    group outgrp
    vip address <external ip>
    add service svr1
    add service svr2
    <add appropriate acl>
    Option 2:
    service svr1
    ip address
    no port
    protocol tcp
    service svr2
    ip address
    no port
    protocol tcp
    group outgrp
    vip address <external ip>
    add service svr1
    add service svr2
    <add appropriate acl>

    to nat connections initiated by the server, you only need a source group.
    No need for a content rule.
    The CSS will port nat.

  • Content rule works with no redundant-vips configured

    We have a content rule configured (VIP address but have not configured an ip redundant-vip 1 under the circuit configuration on either the master or backup CSS.
    This content rule works though ? Why is this ?

    both css are responding to arp request for this vip, but luckily the upstream router keeps using the csm mac/css.
    I would still recommend to use the redundant-vip.

  • Defining virtual servers using content-rules

    Can multiple virtual servers be "bound" to a single real server when all of the virtual servers have the same ip address and port, with the only difference between each virtual server being a unique content rule applied to each? (This is more of a migration issue, than a load-balance issue)

    I assume you are saying Web(HTTP) and the answer is yes.
    1. Your server should has name-based virtual hosting enabled if your server only use 1 IP address.
    2. In CSS, you can use single service for this server or use different services with different keepalive uri for each service.
    3. You can use a number of unique Content rules (same VIP, TCP 80 with different URLs) and add the service to it.
    Remarks: If you want to use unique Content rules, you should make them difference with URL, otherwise all the content rules are the same and you can't activate all.
    Another suggestion: If your server already support Name-VHOST, you can use just single L4 Content rule and all the traffic would be handled by that server (service).

Maybe you are looking for