Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
4
Replies

Src IP HTTP header insertion problem

wim.juste
Level 1
Level 1

‎01-23-2006 01:55 AM

I have configured a vserver to loadbalance to 2 proxy servers over TCP port 8080.

I use a policy to insert the source ip address of the client workstation to be

inserted in the HTTP header.

We use the same vserver to loadbalance HTTPS traffix.

Appearantly the CSM also tries to insert the ip address when HTTPS traffic

is passing this vserver.

Is this a correct beheavior? How can I solve this one?

Thanks!

Regards Wim

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎01-23-2006 05:26 AM

are you using the same vserver for both http and https ?

The CSM does not make distinction between http and https.

Therefore, if the https traffic hits a vserver with http header insert turned one, it will try to do so.

You need to split http and https traffic and make sure the vserver handling https is not configured with header insert.

Regards,

Gilles.

Thanks for rating this answer.

0 Helpful

wim.juste
Level 1
Level 1
In response to Gilles Dufour

‎01-23-2006 06:32 AM

Ok yes, but a proxyserver which is used for a browser always points to 1 specific IP address en TCP port.

Even if one does HTTP, HTTPs, other ...

So I can't tell the browser to go to ip A for HTTP and to go ip B for HTTPS.

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to wim.juste

‎01-23-2006 09:38 AM

Actually mozilla lets you specify different ports for proxy http and proxy https.

Anyway, are the servers behing your CSM proxy servers ?

Do you have 'persistent rebalance" configured ?

If so, could you try to turn do 'no persistent rebalance' and see if that solves your problem.

Normally, https connection via a proxy are still done with HTTP connection with the request "CONNECT x.x.x.x:443" and the CSM should be able to inset the requested info.

But we need to avoid the CSM to inspect further packets as this would be ssl traffic -> so disable peristent rebalance.

Just an idea.

Regards,

Gilles.

0 Helpful

wim.juste
Level 1
Level 1
In response to Gilles Dufour

‎01-24-2006 01:22 AM

Unfortunatly our company does not allow any other browser then IE :(

The PROXY server are somewhere in DMZ. Loadbalancer in the internal network. We preform source-NAT when the CSM loadbalances to the proxy servers.

Indeed, persistent rebalance is activated. I 'll try disable this parameter.

Thanks for info!

Wim.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents