cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1383
Views
0
Helpful
2
Replies

Host Header sent by Client to VIP being changed by ACE

beammeup100
Level 1
Level 1

We have a VIP configured to carry out SSL Termination for the incoming connection and then forwards the request as HTTP to the Real (Servers.From the Logs on the  Servers it appears the ACE Load Balancer is changing the Host Header Parameter set in the Client to the IP Address of  of the Real Servers,strangely enough not every time but on the vast majority of times.As the Servers Application is expectiong to see the Client Host Header value in all requests the Application fails.

The only thing different with this VIP from all the others we are using that are operating ok is that the Real Servers are going to a Websphere Cluster and there appears to be alot of redirects generated by the Application.

There was a couple of questions i was wondering if anyone knows the answer to as i can't find in any documentation:

1.Is it normal behavior for the Ace to rewrite the Host Header sent by theClient to the Real Server IP Addresses and if not what would cause it to do this ?

2.Is there any way to "force " the ACE to set the Host Header to the Value sent by the Client ?  

Any help or infomration would be much appreciated....

2 Replies 2

chrhiggi
Level 3
Level 3

Scott-

Can you send your configuration?  ACE does not, and cannot modify the host header unless you have it configured to do so. SSL is handled by either a Cadvium, Cadvium II, or Nitrox daughtercard which strips the SSL from the data, then dumps the raw data back to the microengines. Once that is done, the ACE chooses a server, creates an IP header for the packet and forwards it on to the server (after a 3 way handshake.)  There actually is no way to configure ACE to change a host header to be the rserver you are sending it to currently. 

If you want to definitively see what is going on, we would need a capture on the interface ACE is connected to the switch on (either the physcial interfaces ofa 4710, or the internal 10GB interface of an ACE10/20/30 using a monitor session.)

You can take the private key and decrypt the front end, then compare what ACE sends out the back.

Regards,

Chris Higgins

Chris,thanks for the reply,the configuration is very simple with definetly no parameters configured to change the Host Header .To progress i think i am going to have to get the packet captures from the Server and perhaps Load Balancers.The only evidence i have that this is what is happening is in the Websphere Logs.If the Load Balancer isn't changing the Host Header then i suspect it is somthing to do with Websphere Clustering & the Application why they are seeing the Host Header value changing in the logs,if i do manage to get to the bottom of it i will post an update.

Thanks again....Scott

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: