cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
385
Views
5
Helpful
3
Replies

SSL 443 to Clear 8080 Application wants to see :8080 in hdr

grahamlewis
Level 1
Level 1

Hello

I'm using a CSS11501 with SSLmod SSLclient_side - ClearServer_side.

All is fine except that the back-end (java) application wants to see :8080 in the header as if it were entered from a browser.

i.e http://160.1.1.1:8080/mypage.htm

not http://160.1.1.1/mypage.htm

Is there a way of inserting :8080 to calls to the server ?

I am sending traffic to the servers on port 8080 ok but get a MOCK application error returned - it just needs the :8080

A network trace showed the only difference between routing over the CSS (successful) or hitting the VIP (error returned) was that :8080 was missing in the http GET.

Any ideas ?

Thanks

Graham

3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

Graham,

unfortunately the CSS (and it's the same for other loadbalancers) do not change the content of the traffic.

So, there is no way to add the :8080 to the Host Field.

(modifying the content means computing new CRC, checking packet size so it stays below MSS and MTU, ...)

You could either change your application to not look at the port inside the host field, or try a trick by redirecting the client to https://....:8080/...., decrypt this traffic and send it cleartext to the server.

It should come with the host field set to ...:8080

Gilles.

Many thanks Gilles

I think they will need to change their application.

I had tried everything I could think of but thought if there was another way - you would know.

A case of developers testing app's in an environment that in no way reflects the real world, I think?

Thanks again.

Graham

Hi Gilles, you suggestion has picqued my interest somewhat, but I am not sure where this redirection would potentially fit - are you proposing this before the initial SSL content rule?

I do agree the best option would be to mod the application, but it is always useful to know options, even if they are not the best of ideas!

Paul.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: