11-10-2014 03:24 AM
Hi,
referring to the previously request https://supportforums.cisco.com/discussion/12346961/ace-ssl-terminator-doesnt-work#comment-10063251
brefly:
Public IP 22.235.121.6 port 80 --> balanced on 192.168.250.165-166 on port 8889
Public IP 22.235.121.6 port 443 --> my ace terminate ssl and balance the traffic in clear text to 192.168.250.165-166 on port 8889
The sysadmin added a new problem:
the real server now receive all packets in http, it is possible configure the x-forwarded-proto on the LB so the real server is able to understand if a request is originated from http or https ?
I didn't find official document on Cisco Ace documentation, can anyone help me ?
Solved! Go to Solution.
11-11-2014 05:04 AM
Hi,
You can use the x-forwarded-proto on L7 policy map:
Admin(config-pmap-lb-c)# insert-http X-Forwarded-Proto header-value "%pd"
or create an action list and associate action list with policy:
header insert request X-Forwarded-Proto header-value “%pd”
%is is for client IP, similary you can add source port as well.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
11-11-2014 05:04 AM
Hi,
You can use the x-forwarded-proto on L7 policy map:
Admin(config-pmap-lb-c)# insert-http X-Forwarded-Proto header-value "%pd"
or create an action list and associate action list with policy:
header insert request X-Forwarded-Proto header-value “%pd”
%is is for client IP, similary you can add source port as well.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
11-12-2014 03:31 AM
it's working thanks, but the real server receive now port 443, this is a problem from application point of view that should receive https.
In the end:
It is possible send to the real server https instead of 443 ?
11-12-2014 09:41 AM
Hi,
I didn't get the question? The x-fwd-proto will send the original destination port on which client came and that was your requirement or something else?
Regards,
Kanwal
Note: Please mark answers if they are helpful.
11-12-2014 10:21 AM
my sysadmin rised this concern. In the x-fwd-proto header instead of put 443, it is possible put https?
I don't know the application on the server how work, but this is the request, look like a bit wired, I know. Anyway I can say it is not possible change 443 with https, because from Network point of view doesn't make sense.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide