Web-caching WCCP

August 28, 2008 at 11:56 pm | Posted in IP Services | Leave a comment

Enable webcaching, and securing only WCCP server from certain IP

access-list 99 remark Web-cache server
access-list 99 permit 129.1.3.33

access-list 100 remark Host on the subnet to bypass web-caching
access-list 100 deny   tcp host 129.1.3.100 any eq www
access-list 100 permit ip any any

ip wccp web-cache group-list 99 redirect-list 100

! Alternatively if we just want to enable web-caching without specifying ACL
ip wccp web-cache

interface FastEthernet 0/0
ip wccp web-cache redirect in

! The following to exclude an interface from webcaching.

interface FastEthernet 0/1
 ip wccp redirect exclude in

! Excluding an interface from webcasing should be used
! when we specify an interface e.g. S0/0 for redirecting
! traffic going out of that interface, comming from any interfaces

interface Serial0/0
 ip wccp web-cache redirect out
WCCP Outbound ACL Check

The following configuration example shows that the access list prevents traffic from network 10.0.0.0 leaving Fast Ethernet interface 0/0. Because the outbound ACL check is enabled, WCCP does not redirect that traffic. WCCP checks packets against the ACL before they are redirected.

ip wccp web-cache

ip wccp check acl outbound

interface fastethernet0/0

ip access-group 10 out

exit

ip wccp web-cache redirect-list redirect-out

access-list 10 deny 10.0.0.0 0.255.255.255

access-list 10 permit any

If the outbound ACL check is disabled, the HTTP packets from network 10.0.0.0 would be redirected to a web cache. Users with that network address could retrieve web pages even though the network administrator wanted to prevent it.

Doc CD Navigation

  • Cisco IOS IP Application Services Configuration Guide, Release 12.4

  • Configuring WCCP

  • Configuration Examples for WCCP

Advertisements

Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: