So i'm looking at header-inserts on the ACE. We have a requirement to to instruct the ACE to redirect from HTTP to HTTPS should a HTTP request be made. This is fine and has been implemented, however, after the redirect we need to insert an header into the packet to tell the web server listening on port 80 that the packet has been decrypted and did arrive on HTTPS after the redirect. What sort of header-insert would normally handle this?
You can insert IP and port in client requests that come on to ACE using x-forwarded-for but i am not sure if webserver will know that the request originally came on HTTPS even after CLIENT IP AND PORT insertion. Normally this is used for reporting purposes. If the purpose is just to know the original client IP and PORT then that's how you do it.
Now, normally in situation where front end is HTTPS and backend is HTTP, in case a webserver issues a redirect it will be "HTTP". ACE will forward that redirect as it is and client will switch the connection from HTTPS to HTTP and that will be a problem. So to deal with these situations ACE has the capability to rewrite the redirect issued by webserver itself from HTTP to HTTPS so the connection stays HTTPS. If the purpose to telling the webserver of client original PORT is to ensure that if any redirect issued by webserver is sent on HTTPS, then i am not sure if x-forwarded-for can help you. May be server team can throw some light on it. If the purpose is just to know the client original port then yes you can do it. Please have a look at "x-forwarded-for" under header-insertion.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...