Solved: ACE: dropped conns due to header insert

danger_mousie · ‎12-02-2007

My LB is dropping connections on port 443 when I have "insert-http source header-value "%is" configured. Other ports such as 80, or 8080 are working. The config is the same for all ports.

class-map match-any Service_VIP_Class

4 match virtual-address 1.1.1.1 tcp eq https

policy-map type loadbalance first-match Service_L7_Policy

class class-default

serverfarm Service_Serverfarm

insert-http source header-value "%is"

policy-map multi-match Service_LB_Policy

class Service_VIP_Class

loadbalance vip inservice

loadbalance policy Service_L7_Policy

loadbalance vip icmp-reply active

loadbalance vip advertise active

I see dropped conns on the service policy. When I remove the header insertion config, it connects ok.

Please help!

Syed Iftekhar Ahmed · ‎12-02-2007

There is no way any device (including ACE) can open an https packet to insert anything.

Only exception:

You offload ssl using server keys and certs.Then make changes to the decrypted packet.

Syed

View solution in original post

Syed Iftekhar Ahmed · ‎12-02-2007

There is no way any device (including ACE) can open an https packet to insert anything.

Only exception:

You offload ssl using server keys and certs.Then make changes to the decrypted packet.

Syed

danger_mousie · ‎12-02-2007

Oops, makes sense.

Thanks.