Cisco Systems 6500 manual Policy url-rewrite

Page 75

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

policy url-rewrite

policy url-rewrite

To enter the URL rewrite configuration submode, use the policy url-rewritecommand. In URL rewrite configuration submode, you can define the URL-rewrite content policy that is applied to the payload.

 

 

policy url-rewriteurl-rewrite-policy-name

 

 

 

 

 

Syntax Description

 

url-rewrite-policy-name

URL rewrite policy name.

 

 

 

 

 

 

 

 

 

 

Defaults

 

This command has no default settings.

 

 

 

 

 

Command Modes

 

Context subcommand mode

 

 

 

 

 

 

 

Command History

 

Release

Modification

 

 

 

 

 

 

 

 

SSL Services Module

Support for this command was introduced on the Catalyst 6500 series

 

 

Release 2.1(1)

switches.

 

 

 

 

 

 

SSL Services Module

The policy url-rewritecommand (entered in context subcommand mode)

 

 

 

Release 3.1(1)

replaces the ssl-proxy policy url-rewritecommand (entered in global

 

 

 

subcommand mode).

 

 

 

 

 

 

 

 

 

 

Usage Guidelines

 

URL rewrite allows you to rewrite redirection links only.

 

 

A URL rewrite policy consists of up to 32 rewrite rules for each SSL proxy service.

 

 

Table 2-6lists the commands that are available in proxy-policy configuration submode.

Table 2-6 Proxy-policy Configuration Submode Command Descriptions

default

Sets a command to its default settings.

 

 

exit

Exits from proxy-policy configuration submode.

 

 

help

Provides a description of the interactive help system.

 

 

[no] url url-string [clearport port-number

Allows you to configure the URL string to be rewritten. Use the no form of

sslport port-number]

this command to remove the policy.

 

 

url-string—Specifies the host portion of the URL link to be rewritten; it can have a maximum of 251 characters. You can use the asterisk (*) wildcard only as a prefix or a suffix of a hostname in a rewrite rule. For example, you can use the hostname in one of the following ways:

www.cisco.com

*.cisco.com

wwwin.cisco.*

Catalyst 6500 Series Switch SSL Services Module Command Reference

 

OL-9105-01

2-49

 

 

 

Image 75
Contents Text Part Number OL-9105-01 Corporate HeadquartersPage Iii N T E N T SNatpool Acronyms A-1 OL-9105-01 Chapter Title Description AudienceOrganization Related DocumentationExample, interface interface type ConventionsConvention Description Boldface fontCisco.com Obtaining DocumentationCisco Product Security Overview Documentation FeedbackObtaining Technical Assistance Reporting Security Problems in Cisco ProductsXii Submitting a Service RequestXiii Obtaining Additional Publications and InformationXiv This chapter includes the following sections Getting HelpHow to Find Command Options Command Comment Complete the command. If additional Must enter next on the command lineMode keyword After you enter the mode keywordConfigure terminal Understanding Command ModesCommand Mode Access Method Prompt Exit Method Configure terminal privileged ExecWith an interface Using the No and Default Forms of CommandsInterface command Image using the boot system flash filenameCharacter Special Meaning Using the CLI String SearchDA-D \$ \ \+Aeiou AbcdABCDThis string matches any number of asterisks Telebit 3107 v32bisCharacter Ba?b$\.12 Za-z0-9+Codex telebit AbcdWith For example1300 1300$ 1300space space1300 1300, ,1300, 1300 ,1300OL-9105-01 A P T E R Release Modification DefaultsCommand Modes Command History Clear ssl-proxy connDefaults Command Modes Command History Clear ssl-proxy contentUsage Guidelines Clear ssl-proxy sessionClear ssl-proxy stats Ssl-proxy#clear ssl-proxy stats 3des Crypto pki export pemTerminal DesCrypto pki import pem Related CommandsUsage-keys Defaults Command HistoryCrypto pki import pem ExportableCrypto pki export pem Crypto pki export pkcs12 This example shows how to export a PKCS12 file using SCP Crypto pki import pkcs12 This example shows how to import a PKCS12 file using SCP Filename TP2? /users/admin-1/pkcs12/TP2.p12Crypto Crypto key encrypt rsa Crypto key decrypt rsaName key-name Passphrase passphraseCrypto key encrypt rsa Crypto key decrypt rsaCrypto key lock rsa Crypto key export rsa pem Keylabel Name of the keyOptional Specifies that the key can be exported Key nametest-keys UsageGeneral Purpose Key System-Imports from the system file system Crypto key import rsa pemInstead of one general-purpose key pair Null-Imports from the null file systemPEM-formatted RSA key to the SSL Services Module Passphrase passphrase Crypto key lock rsaCrypto key lock rsa name key-namepassphrase passphrase Name key-name Optional Name of the keyCrypto key unlock rsa name key-namepassphrase passphrase Crypto key unlock rsaDebug ssl-proxy Command History Release Modification This example shows how to turn on App debugging Do command Command EXEC-level command to be executedConfiguration mode Syntax Description Defaults Command Modes Command History Interface ssl-proxySyntax Description Standby ip Standby authenticationStandby delay minimum reload Standby timersSsl-proxyconfig-subif#ip address 208.59.100.18 Ssl-proxy config# interface ssl-proxyNatpool nat-pool-name startipaddr endipaddr netmask netmask Context subcommand modeThis example shows how to define a pool of IP addresses NatpoolFailed-interval seconds Syntax Description Defaults Command ModesPolicy health-probe tcp Interval secondsRunning on server IP address Open-timeout secondsSsl-proxyconfig#ssl-proxy context ssl Ssl-proxyconfig-context#policy health-probe tcp probe1Page Policy that is applied to the payload Policy http-headerClient-cert pem AliasField To Insert Description Client-cert pem Prefix Client-ip-portCustom custom-string Inserts the custom-stringheader into the Http headerSSL-OFFLOAD-SOFTWARE VERSION3.11 Related Commands show ssl-proxy policyPolicy ssl Close-protocol is disabledSession-caching is enabled Timeout session timeout absoluteSSL-Policy Configuration Submode Command Descriptions Renegotiation interval time Renegotiation volume sizeTimeout handshake timeout HelpOL-9105-01 This example shows how to disable a session cache This example shows how to enable a session cacheOL-9105-01 Policy tcp No timeout inactivity timeout-in-seconds Delayed-ack-threshold delayDelayed-ack-timeout timer No timeout fin-wait timeout-in-secondsServer to client connection, the server connection must be No timeout reassembly timeForm of this command to return to the default setting No tos carryoverSsl-proxy config-ctx-tcp-policy# mss Policy url-rewrite Redirectonly Ssl-proxyconfig-context#ssl-proxy policy url-rewrite test1Pool ca Pool ca ca-pool-nameCa-pool-name Certificate authority pool name Service Certificate rsa general-purpose trustpoint Authenticate verify all signature-onlyDefault certificate inservice nat server InserviceVirtual policy ssl ssl-policy-name Virtual policy tcpVlan vlan Related Commands show ssl-proxy service Policy health-probe tcp Policy http-header Service clientVlan vlan Nat server client natpool-nameVirtual policy ssl ssl-policy-name Virtual policy tcpSsl-proxy config-ctx-ssl-proxy# server policy tcp tcppl1 Show ionterfaces Show interfaces ssl-proxyShow interfaces ssl-proxy 0.subinterface Policy tcpSsl-proxy#show ssl-proxy buffers This command has no default settingsShow ssl-proxy buffers Show ssl-proxy buffersShow ssl-proxy certificate-history Show ssl-proxy certificate-history service nameService name Specific proxy serviceRecord 1, Timestamp000051, 163634 UTC Oct 31 Ssl-proxy# show ssl-proxy certificate-historyRelated Commands service Remote Show ssl-proxy conn4tuple LocalSsl-proxy#show ssl-proxy conn Context name Module module200.200.1438814 58796 Name Optional Name of the context Context DefaultShow ssl-proxy context Show ssl-proxy context nameDetails Show ssl-proxy crash-infoShow ssl-proxy crash-info brief details BriefSsl-proxy#show ssl-proxy crash-info brief Stack top Printing 1024 bytes from stack topShow ssl-proxy mac address Show ssl-proxy mac addressSsl-proxy#show ssl-proxy mac address Natpool Show ssl-proxy natpoolShow ssl-proxy natpool namecontext name Context nameUrl-rewrite Show ssl-proxy policyHealth-probe tcp Http-headerSsl-proxy#show ssl-proxy policy tcp tcp-policy1 Ssl-proxy#show ssl-proxy policy ssl ssl-policy1Ssl-proxy#show ssl-proxy policy health-probe tcp tcp-health Ssl-proxy#show ssl-proxy service S6 Show ssl-proxy serviceShow ssl-proxy service namecontext name Ssl-proxy#show ssl-proxy serviceService client Content Show ssl-proxy statsShow ssl-proxy stats type Stats This example shows how to display the PKI statistics This example shows how to display the TCP statisticsThis example shows how to display context statistics Ssl-proxy#show ssl-proxy stats context Context name DefaultSsl-proxy# show ssl-proxy stats hdr Ssl-proxy#show ssl-proxy stats content This example shows how to display content statisticsShow ssl-proxy status Show ssl-proxy status fdu ssl tcpShow ssl-proxy status TCP cpu is alive Show ssl-proxy version Show ssl-proxy versionSsl-proxy#show ssl-proxy version Optional Displays debug information Show ssl-proxy vlanShow ssl-proxy vlan vlan-iddebugmodule module DebugDefaults Command Modes Command History Examples Snmp-server enableDescription description Command Purpose and Guidelines DefaultsSsl-proxy context Ssl-proxy context name No ssl-proxy context namePool ca name Policy ssl policy-namePolicy tcp policy-name Policy url-rewrite policy-nameTime-interval Seconds Global configurationThis example shows how to start a cryptographic self-test Ssl-proxy crypto selftestSsl-proxy mac address This example shows how to configure a MAC addressRelated Commands show ssl-proxy mac address Ssl-proxy config# ssl-proxy mac address 00e0.b0ff.f232Ssl-proxy pki This example shows how to specify the cache size This example shows how to enable PKI event-historyRelated Commands show ssl-proxy stats Key-name Name of the key Passphrase Pass phrase Ssl-proxy crypto key unlock rsaSsl-proxy ip-frag-ttl time Time is 6 seconds Global configurationSsl-proxyconfig#ssl-proxy ip-frag-ttl Ssl-proxy ip-frag-ttlSsl-proxy ssl ratelimit No ssl-proxy ssl ratelimit Ssl-proxy config# ssl-proxy ssl ratelimitSsl-proxy config# no ssl-proxy ssl ratelimit Ssl-proxy ssl ratelimitGroup-number is String is cisco Standby authenticationMin-delay is 1 second Reload-delay is 5 seconds Standby delay minimum reloadShow standby delay Ssl-proxyconfig#interface ssl-proxySsl-proxyconfig-subif#standby delay minimum 30 reload Group-number is Defaults Command Modes Command History Usage GuidelinesStandby ip Secondary100 Used by the hot standby group is learned using HsrpMac-address MAC address Standby mac-addressStandby group-numbermac-addressmac-address No standby group-numbermac-address102 Ssl-proxyconfig-subif#standby 1 mac-addressThat is used in the end nodes Show standbyStandby mac-refresh Standby mac-refresh seconds no standby mac-refresh103 Group-name Name of the standby group Hsrp is disabledStandby name Standby name group-name No standby name group-name105 Standby preemptTo become the active router Operation returns to the default behaviorLeaves any synchronization delay if it was configured ClientsGroup-number is Priority is Standby priorityStandby group-numberpriority priority No standby group-numberpriority priority108 This example shows how to change the router priority109 Standby redirects110 Related Commands show standbySsl-proxyconfig-subif#standby redirects timers 90 Show standby redirect111 Standby timersMsec Optional Specifies the interval in milliseconds112 113 Standby trackDecrement priority Or comes back up114 Router a ConfigurationRouter B Configuration Related Commands standby preemptOn which it was entered, instead of the major interface Standby use-biaStandby use-bia scope interface no standby use-bia Scope interfaceSpecifies Hsrp version This example shows how to configure Hsrp versionStandby version Standby version 1Acronym Expansion CEF CbacCCA CDPDspu DramDsap DscpIDP ICDIcmp IDBMFD MD5Mdix MdssPAE OSIOSM OspfRPC RmonROM RommonTACACS+ STPSVC SVIXerox Network System Weighted round-robinWRR XNSOL-9105-01 Acknowledgments for Open-Source Software OL-9105-01 IN-1 # character privileged Exec mode promptAsterisk + plus sign Period ? command Caret $ characterIN-2 IN-3 IN-4 IN-5 TCPIN-6 Configuration submode User Exec mode, summary
Related manuals
Manual 20 pages 62.17 Kb Manual 112 pages 18.84 Kb Manual 262 pages 31.67 Kb