Http header value insertion

Ulrich Hansen
Level 1

Hello,

I'm looking into a solution where I need to insert a header value in the HTTP header, which will later be used by a WebSphere Application Server to retrieve the original client IP. Currently, this is done using a WebSphere plugin on the HTTP server, which extracts the src.ip from the L3 header and generates, among others, two distinct header values, $WSRA and $WSRH (I think it's short for RemoteAddress and RemoteHost). These values can then be intercepted by the WebSphere server and provide some insight into the L3 information of the originating host.

This, however, challenges my routing table, as I need to point my default route towards the ACE and do an obscene amount of static routing toward public networks used by applications. Consequently, I'm planning on doing src.nat on the ACE on traffic destined for the web portal, but past attempts to do so presented a problem, as the only address the WAS administrators could see was the NAT address.

IBM has published a piece of paper explaining this flow, which also involves setting the ACE as a trusted proxy. I'm thinking of doing the following and would very much appreciate it if anyone could validate this approach/method:

action-list type modify http al-websphere-insert-client-srcip
   header insert $WSRA header-value %is
   header insert $WSRH header-value %is

policy-map type loadbalance pmap-lb-web
  class class-default
    serverfarm [something]
    al-websphere-insert-client-srcip

Thanks

/Ulrich

Accepted Solutions

Nicolas Fournier
Cisco Employee

Hi Ulrich,

I think it would be easier to use the insert-http command under the policy-map config.

In your case, it would look something like this:

host1/Admin(config)# policy-map type loadbalance http first-match L7SLBPOLICY
host1/Admin(config-pmap-lb)# class L7SLBCLASS
host1/Admin(config-pmap-lb-c)# insert-http Client-src header-value %is

This will add to the HTTP request a new header with the name Client-src and with the source IP of the client as its value.
Just keep in mind that you'll need to attach this to an L7 policy to have it inserted, and that you need to configure persistent rebalance if you want this header to be inserted in all requests.
More info on the command:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_2_0/command/reference/policy.html#wp1050668


Regards,
Nicolas
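
Added example (not part of the original thread, and not Cisco or IBM code): a backend-side check, sketched in Python, that accepts the Client-src header from the reply above only when the connection arrives from the ACE, which is the "trusted proxy" idea mentioned in the question. The NAT range 192.0.2.16/28, the function name and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: source-NAT range the backend sees as the ACE (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.16/28")]
CLIENT_HEADER = "client-src"  # header name from the insert-http reply, lower-cased


def resolve_client_ip(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Return (ip, source); source is 'header', 'peer' or 'rejected'.

    headers is a list of (name, value) pairs so duplicate headers stay visible.
    """
    peer = ipaddress.ip_address(peer_ip)
    values = [v.strip() for n, v in headers if n.lower() == CLIENT_HEADER]

    # Not from the ACE: a Client-src header here was not inserted by the
    # load balancer, so it is ignored and the socket address is used.
    if not any(peer in net for net in trusted):
        return str(peer), "peer"

    # From the ACE but no header, e.g. a later request on a connection
    # without persistent rebalance: only the NAT address is known.
    if not values:
        return str(peer), "peer"

    # Several copies: this example cannot tell which one the ACE added,
    # so it refuses to pick and flags the request.
    if len(values) != 1:
        return str(peer), "rejected"

    try:
        return str(ipaddress.ip_address(values[0])), "header"
    except ValueError:  # value is not an IP address
        return str(peer), "rejected"


# Constructed sample requests: (peer address, header list).
SAMPLES = [
    ("192.0.2.17", [("Host", "portal.example"), ("Client-src", "198.51.100.7")]),
    ("203.0.113.50", [("Client-src", "10.0.0.1")]),
    ("192.0.2.17", [("Client-src", "10.0.0.1"), ("Client-src", "198.51.100.7")]),
    ("192.0.2.17", [("Host", "portal.example")]),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, "->", resolve_client_ip(peer, hdrs))
```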

Hi Nicolas,

Thanks for your reply.

I'll give your suggestion a try.

/Ulrich