Src IP HTTP header insertion problem


I have configured a vserver to load-balance to 2 proxy servers over TCP port 8080.

I use a policy to insert the source IP address of the client workstation in the HTTP header.


We use the same vserver to load-balance HTTPS traffic.

Apparently the CSM also tries to insert the IP address when HTTPS traffic is passing this vserver.


Is this correct behavior? How can I solve this one?

Thanks!

Regards Wim

Gilles Dufour (Cisco Employee) Mon, 01/23/2006 - 05:26

Are you using the same vserver for both HTTP and HTTPS?

The CSM does not make a distinction between HTTP and HTTPS.

Therefore, if the HTTPS traffic hits a vserver with HTTP header insert turned on, it will try to do so.


You need to split HTTP and HTTPS traffic and make sure the vserver handling HTTPS is not configured with header insert.


Regards,


Gilles.


Gilles Dufour (Cisco Employee) Mon, 01/23/2006 - 09:38

Actually, Mozilla lets you specify different ports for proxy HTTP and proxy HTTPS.


Anyway, are the servers behind your CSM proxy servers?


Do you have 'persistent rebalance' configured?

If so, could you try to do 'no persistent rebalance' and see if that solves your problem?


Normally, HTTPS connections via a proxy are still done with an HTTP connection with the request "CONNECT x.x.x.x:443", and the CSM should be able to insert the requested info.

But we need to prevent the CSM from inspecting further packets, as this would be SSL traffic -> so disable persistent rebalance.


Just an idea.


Regards,


Gilles.
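
The CONNECT behaviour described in the reply above, as an added example that is not part of the thread and is not CSM code: a simplified Python model of a header-inserting front end that adds the client IP to HTTP requests (the CONNECT request included) and then passes the tunnelled SSL bytes through unmodified. The header name `X-Client-IP`, the addresses and the sample segments are constructed assumptions.

```python
# Simplified model (assumption, not CSM code) of header insertion on a
# client -> forward-proxy connection.
HEADER = b"X-Client-IP"  # hypothetical header name; the thread does not name one

# Constructed client -> proxy segments for one HTTPS-via-proxy connection.
SAMPLE = [
    b"CONNECT 192.0.2.10:443 HTTP/1.1\r\nHost: 192.0.2.10:443\r\n\r\n",
    b"\x16\x03\x01\x00\x05hello",  # stand-in for a TLS handshake record
    b"\x17\x03\x03\x00\x04data",   # stand-in for a TLS application-data record
]

def is_tls_record(seg: bytes) -> bool:
    # A TLS record starts with content type 20-23 and major version byte 0x03.
    return len(seg) >= 3 and 20 <= seg[0] <= 23 and seg[1] == 3

def insert_header(seg: bytes, client_ip: str) -> bytes:
    """Add the header directly after the request line of an HTTP request."""
    line, sep, rest = seg.partition(b"\r\n")
    return line + sep + HEADER + b": " + client_ip.encode() + b"\r\n" + rest

def forward(segments, client_ip):
    """Return a (bytes sent to the proxy, action) pair for each client segment."""
    out, tunnel = [], False
    for seg in segments:
        line = seg.split(b"\r\n", 1)[0]
        looks_http = line.endswith((b" HTTP/1.0", b" HTTP/1.1"))
        if tunnel or is_tls_record(seg) or not looks_http:
            out.append((seg, "pass-through"))  # opaque bytes: never modify
            continue
        out.append((insert_header(seg, client_ip), "inserted"))
        if line.startswith(b"CONNECT "):
            tunnel = True  # everything after the CONNECT request is SSL/TLS
    return out

if __name__ == "__main__":
    for data, action in forward(SAMPLE, "10.1.1.5"):
        print(action, data[:40])
```
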

Unfortunately, our company does not allow any other browser than IE :(


The proxy servers are somewhere in the DMZ. The load balancer is in the internal network. We perform source NAT when the CSM load-balances to the proxy servers.


Indeed, persistent rebalance is activated. I'll try disabling this parameter.


Thanks for info!

Wim.
