
x-forwarded-proto, is it possible on ACE?

gianluca811
Level 1

Hi,

referring to the previous request https://supportforums.cisco.com/discussion/12346961/ace-ssl-terminator-doesnt-work#comment-10063251

briefly:

Public IP 22.235.121.6 port 80 --> balanced on 192.168.250.165-166 on port 8889

Public IP 22.235.121.6 port 443 --> my ACE terminates SSL and balances the traffic in clear text to 192.168.250.165-166 on port 8889

 

The sysadmin added a new problem:

the real server now receives all packets in HTTP; is it possible to configure the x-forwarded-proto on the LB so the real server is able to understand whether a request originated from http or https?

I didn't find an official document in the Cisco ACE documentation; can anyone help me?

Accepted Solutions

Kanwaljeet Singh
Cisco Employee

Hi,

You can use the x-forwarded-proto on L7 policy map:

Admin(config-pmap-lb-c)# insert-http X-Forwarded-Proto header-value "%pd"

or create an action list and associate action list with policy:

 header insert request X-Forwarded-Proto header-value "%pd"

%is is for client IP; similarly, you can add source port as well.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

 


It's working, thanks, but the real server now receives port 443; this is a problem from the application's point of view, which should receive https.

In the end:

Is it possible to send https to the real server instead of 443?

Hi,

I didn't get the question. The x-fwd-proto will send the original destination port on which the client came; was that your requirement, or something else?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

My sysadmin raised this concern. In the x-fwd-proto header, instead of putting 443, is it possible to put https?

I don't know how the application on the server works, but this is the request; it looks a bit weird, I know. Anyway, I can say it is not possible to change 443 to https, because from a network point of view it doesn't make sense.

 

Thanks
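
An added example, not part of the thread and not Cisco code: when the header arrives as a port number because it was built with "%pd", the application side can map it to a scheme, accepting it only on connections that come from the load balancer. The proxy address 192.168.250.1 and the function name `original_scheme` are assumptions made for this sketch.

```python
import ipaddress

# Assumption: address(es) from which the ACE connects to the real servers.
# 192.168.250.1 is a constructed placeholder, not a value from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.250.1/32")]

# "%pd" carries the destination port the client connected to, so the
# header value is "80" or "443" rather than a scheme name.
PORT_TO_SCHEME = {"80": "http", "443": "https"}
SCHEMES = {"http", "https"}


def original_scheme(peer_ip, headers, default="http"):
    """Return 'http' or 'https' for a request received in clear text.

    peer_ip -- source address of the TCP connection as seen by the server
    headers -- list of (name, value) pairs in the order received
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # Not from the load balancer: the sender could have set the
        # header itself, so it is ignored.
        return default

    values = [value.strip().lower() for name, value in headers
              if name.lower() == "x-forwarded-proto"]
    if len(values) != 1:
        # Missing, or more than one copy (for instance if a copy sent by
        # the client reached the server next to the inserted one):
        # refuse to guess and fall back to the non-secure default.
        return default

    value = values[0]
    if value in SCHEMES:
        return value
    # Unknown ports also fall back to the default.
    return PORT_TO_SCHEME.get(value, default)
```

Defaulting to "http" on any doubt means the application never treats a request as having arrived over TLS on the strength of a header it cannot attribute to the load balancer.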
