<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Verdana; font-size: 10pt; color: #000000'>thanks Bernhard,<br><br>you confirmed many of my suspicions and some of my findings. <br><span><br><span name="x"></span>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>Cooking with unix is easy. You just sed it and forget it. <br> - LFJ (with apologies to Mr. Popeil)<br><span name="x"></span><br></span><br><hr id="zwchr"><b>From: </b>"Bernhard Albler" <bernhard.albler@gmail.com><br><b>To: </b>"Anthony Holloway" <avholloway+cisco-voip@gmail.com><br><b>Cc: </b>"Lelio Fulgenzi" <lelio@uoguelph.ca>, "cisco-voip voyp list" <cisco-voip@puck.nether.net><br><b>Sent: </b>Sunday, February 27, 2011 1:43:14 PM<br><b>Subject: </b>Re: [cisco-voip] CCMuser pages or not? (CUCM v7)<br><br>Hi all,<br>two answers:<br>1.)<br>I have one customer who has pretty much reimplemented CCMUSER and<br>quite a bit more as a part of a full management solution. It's pretty<br>darn cool (we can also configure unity etc. viy that page) but it was<br>quite a bit of work.<br><br><br>2.)I believe ASA Url filtering will not work because the page these<br>days are only available via SSL. So no luck there.<br><br>What I did at another customer was to use NGINX (www.nginx.net) as a<br>reverse proxy and then filter ccmuser. This is a bit more tricky than<br>necessary because CCMUser actually uses resources (images) pointing to<br>/ccmadmin/. So the config looks something like this:<br>server {<br> listen <VIRTUALIP>:443;<br> server_name <HOSTNAME>;<br> access_log /var/log/nginx/settings.access.log;<br> error_log /var/log/nginx/settings.error.log;<br><br> ssl on;<br> ssl_certificate /etc/certs/host.cert;<br> ssl_certificate_key /etc/certs/host.key;<br> ssl_session_timeout 5m;<br><br> ssl_protocols SSLv2 SSLv3 TLSv1;<br> ssl_ciphers<br>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;<br> ssl_prefer_server_ciphers on;<br><br> keepalive_timeout 70;<br><br> location /nginx_status {<br> stub_status on;<br> access_log off;<br> }<br><br> location / {<br> rewrite ^/(.*) https://<HOSTNAME>/ccmuser permanent;<br> }<br><br>location /ccmuser/ {<br><br> proxy_set_header X-Real-IP $remote_addr;<br><br> #<br> # This line tells the application which URL to use as base_url:<br> #<br> proxy_set_header Host <HOSTNAME>;<br> proxy_set_header X-Host $host;<br> proxy_set_header X-Forwarded-For<br>$proxy_add_x_forwarded_for;<br><br> #<br> # Here we point to Jetty<br> #<br> proxy_pass https://<REALCCM>/ccmuser/;<br> proxy_redirect default;<br> }<br>location /ccmadmin/loading-please-wait.jsp {<br><br> proxy_set_header X-Real-IP $remote_addr;<br><br> #<br> # This line tells the openms application which URL to<br>use as base_url:<br> #<br> proxy_set_header Host <HOSTNAME>;<br> proxy_set_header X-Host $host;<br> proxy_set_header X-Forwarded-For<br>$proxy_add_x_forwarded_for;<br><br> #<br> # Here we point to the CCM<br> #<br> proxy_pass<br>https://<REALCCM>ccmadmin/loading-please-wait.jsp;<br> proxy_redirect default;<br> }<br><br><br>location /ccmadmin/themes/ {<br><br> proxy_set_header X-Real-IP $remote_addr;<br><br> #<br> # This line tells the application which URL to use as base_url:<br> #<br> proxy_set_header Host <HOSTNAME>;<br> proxy_set_header X-Host $host;<br> proxy_set_header X-Forwarded-For<br>$proxy_add_x_forwarded_for;<br><br> #<br> # Here we point to the CCM<br> #<br> proxy_pass https://<REALCCM>/ccmadmin/themes/;<br> proxy_redirect default;<br> }<br>}<br><br>This also has the advantage that users can just enter <HOSTNAME> and<br>will drop to CCMUSER.<br>I believe you can do the same with a F5 or a ACE.<br><br>regards<br>bernhard<br></div></body></html>