[rbak-nsp] http redirect

Nikolay Abromov nabromov at gmail.com
Fri Aug 27 03:37:07 EDT 2010


Hello Group,

I have configured HTTP redirect but I noticed that the customers
within the "wallgarden" service can access HTTPS (SSL) sites directly
from their browsers. So I am looking for solution how to
include (the HTTPS) in the forwarding. I can filtered with ACL but I'd
like to support payment system on this web.

Thank you in advance



Current configurations



Building configuration...

Current configuration:
!
context WALLGARDEN
!
 ip domain-lookup
!
 interface wallgarden multibind
  description Wallgarden-Customers
  ip address y.y.y.y/25
  dhcp server interface
!
 interface wallgarden-backbone
  description Wallgarden Backbone Link
  ip address x.x.x.x/30
 no logging console
!
 ip access-list http-filter
  seq 1 permit tcp any any eq 443
  seq 2 permit tcp any eq 443 any
  seq 10 permit tcp any any eq www
  seq 11 permit tcp any eq www any
  seq 30 permit udp any any eq domain
  seq 40 permit udp any any eq bootpc
  seq 50 permit udp any any eq bootps
  seq 60 permit icmp any any
!
 policy access-list allHttpForRedirect
  seq 5 permit tcp any host z.z.2.99 eq www class DirectToFibrecityEu
  seq 6 permit tcp any host z.z.218.129 eq www class DirectToFibrecityEu
  seq 7 permit tcp any host z.z.2.98 eq www class DirectToFibrecityEu
  seq 10 permit tcp any any eq www class httpRedirectFibrecityEu
  seq 11 permit tcp any host z.z.100.125 eq www class DirectToFibrecityEu
  seq 12 permit tcp any host z.z.232.74 eq www class DirectToFibrecityEu
  seq 13 permit tcp any host z.z.232.72 eq www class DirectToFibrecityEu
  seq 14 permit tcp any host z.z.232.73 eq www class DirectToFibrecityEu
  seq 15 permit tcp any host z.z.232.74 eq www class DirectToFibrecityEu
  seq 16 permit tcp any host z.z.232.75 eq www class DirectToFibrecityEu
  seq 17 permit tcp any host z.z.232.76 eq www class DirectToFibrecityEu
  seq 18 permit tcp any host z.z.232.77 eq www class DirectToFibrecityEu
  seq 19 permit tcp any host z.z.232.78 eq www class DirectToFibrecityEu
  seq 20 permit tcp any host z.z.232.79 eq www class DirectToFibrecityEu
  seq 30 permit tcp any z.z.0.0 0.0.255.255 eq www class DirectToFibrecityEu
!
 http-redirect profile FibrecityRedirect
  url "http://forwarded.website.com"
!
 aaa authentication administrator local
 aaa authentication administrator maximum sessions 1
 aaa authentication subscriber none
!
!
 subscriber default
   ip access-group http-filter in
   http-redirect profile FibrecityRedirect
   dhcp max-addrs 4
   dns primary xx.xx.xx.xx
   dns secondary xx.xx.xx.xx
   forward policy httpRedirectFibrecityEu in
!
 ip route 0.0.0.0/0 xxx.xxx.xxx.xxx
!
 dhcp server policy
   subnet y.y.y.y/25 name WALLGARDEN
     range y.y.y.x y.y.y.y.x
     default-lease-time 180


!
end

-- 
Nikolay Abromov
Mobile +44 (0) 7929408688


More information about the redback-nsp mailing list