ACE One-Arm Source-NAT HTTP Header Insert

robert.horrigan
Level 2

Hello ACE Gurus,

This is probably a dumb question but I'm looking for info on HTTP Header Insert for SSL sessions.  Does the HTTP header re-write action list work for SSL traffic?  I guess I'm not clear on whether or not the header is encrypted and if the ACE can modify on an HTTPS session.  Any input would be greatly appreciated.

/r

Rob

1 Accepted Solution

Daniel Arrondo Ostiz
Cisco Employee

Hi Rob,

When using HTTPS, all the data is encrypted, including the HTTP headers.

In such a situation, if you want to insert headers (or do any other kind of L7 processing), you will have to configure the ACE to do SSL termination. Once the connection is decrypted, the ACE can do any processing it needs before sending the connection towards the server either in clear text or again using HTTPS.

I would recommend that you have a look at the link below. This is an example of how to configure an ACE for end-to-end SSL (so, HTTPS on both sides of the ACE). In the example, the only L7 processing that is being done is matching on the URL, but it would be enough to replace that part with whatever header insertion commands you need.
http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml

If you still need more help to understand any of the points involved in the process, please, do not hesitate to contact me again.

Regards

Daniel
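
A sketch of the setup described in the answer above, added here as an illustration; it is not taken from the original post or from the linked Cisco example. All names, addresses, VLAN numbers and file names are constructed placeholders, and inserting X-Forwarded-For with the client source address (`%is`) is an assumption about which header is wanted. Lines beginning with `!` are annotations, not commands.

```text
! Header rewrite: only possible once the ACE has decrypted the session
action-list type modify http INSERT-CLIENT-IP
  header insert request X-Forwarded-For header-value "%is"

! SSL termination towards the client (key/cert names are placeholders)
ssl-proxy service SSL-TERM
  key PLACEHOLDER-KEY.pem
  cert PLACEHOLDER-CERT.pem

! Optional: re-encrypt towards the servers (end-to-end SSL)
ssl-proxy service SSL-INIT

class-map match-all VIP-HTTPS
  2 match virtual-address 192.0.2.10 tcp eq https

! L7 policy: apply the action list to the decrypted HTTP requests
policy-map type loadbalance first-match L7-SLB
  class class-default
    serverfarm WEB-FARM
    action INSERT-CLIENT-IP
    ! Remove the next line to send clear text to the servers instead
    ssl-proxy client SSL-INIT

policy-map multi-match CLIENT-VIPS
  class VIP-HTTPS
    loadbalance vip inservice
    loadbalance policy L7-SLB
    ! One-arm design: source-NAT so return traffic comes back through the ACE
    nat dynamic 1 vlan 100
    ssl-proxy server SSL-TERM

interface vlan 100
  ip address 192.0.2.2 255.255.255.0
  nat-pool 1 192.0.2.50 192.0.2.50 netmask 255.255.255.0 pat
  service-policy input CLIENT-VIPS
  no shutdown
```

Because the connection is source-NATed, the servers see only the NAT pool address; they should honor the inserted header only on connections arriving from that address.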

Daniel,

Great!  Just what I was looking for.  Thanks so much - rate 5.