Nested CSW rules provides the ability to perform Boolean (AND, OR etc) based conditions on standard csw rules.
Within this example we will be :
- Redirecting any request that has a host header of ‘PRODUCTION.example.com’ and containing a URL request for /FOLDER/index.html to ‘/REDIRECT/index.html’
- Balancing any request that has a host header of ‘STAGING.example.com’ and containing a URL request for /FOLDER/index.html to either SERVER1 or SERVER2
- Forwarding any request that contains a URL request for ‘/FOLDER/index.html’ to SERVER3.
CSW Rules
First of all the csw rules are created (including the csw nested-rules).
csw-rule "csw-rule1" header "Host" equals "PRODUCTION.example.com"
csw-rule "csw-rule2" header "Host" equals "STAGING.example.com"
csw-rule "csw-rule3" url prefix "/FOLDER/index.html"
csw-rule "csw-rule1-nested" nested-rule "csw-rule1 && csw-rule3"
csw-rule "csw-rule2-nested" nested-rule "csw-rule2 && csw-rule3"
CSW Policy
We then create a csw policy. This defines actions for each of the csw rules when matched.
csw-policy CSW-POLICY
match "csw-rule1-nested" redirect "*" "/REDIRECT/index.html" 80 301
match "csw-rule2-nested" forward 1
match "csw-rule3" forward 1024
Virtual / Real Servers
Finally each of the servers are defined a server-id and a group-id. CSW is also enabled and the csw policy associated to the virtual server.
server real REALSERVER1 192.168.1.11
port http
port http keepalive
port http url "HEAD /index.html"
port http server-id 1024
port http group-id 1 1
server real REALSERVER2 192.168.1.12
port http
port http keepalive
port http url "HEAD /index.html"
port http server-id 1025
port http group-id 1 2
server real REALSERVER3 192.168.1.13
port http
port http keepalive
port http url "HEAD /index.html"
port http server-id 1026
port http group-id 1 3
server virtual VIRTUALSERVER 172.16.1.100
port http
port http keepalive
port http csw
port http csw-policy "CSW-POLICY"
port http REALSERVER1 http
port http REALSERVER2 http
port http REALSERVER3 http
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become a networking expert?
Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial