Header-inserts

grichardson661 · ‎02-03-2014

Hi,

So i'm looking at header-inserts on the ACE. We have a requirement to to instruct the ACE to redirect from HTTP to HTTPS should a HTTP request be made. This is fine and has been implemented, however, after the redirect we need to insert an header into the packet to tell the web server listening on port 80 that the packet has been decrypted and did arrive on HTTPS after the redirect. What sort of header-insert would normally handle this?

Cheers,

Kanwaljeet Singh · ‎02-03-2014

Hi,

You can insert IP and port in client requests that come on to ACE using x-forwarded-for but i am not sure if webserver will know that the request originally came on HTTPS even after CLIENT IP AND PORT insertion. Normally this is used for reporting purposes. If the purpose is just to know the original client IP and PORT then that's how you do it.

Now, normally in situation where front end is HTTPS and backend is HTTP, in case a webserver issues a redirect it will be "HTTP". ACE will forward that redirect as it is and client will switch the connection from HTTPS to HTTP and that will be a problem. So to deal with these situations ACE has the capability to rewrite the redirect issued by webserver itself from HTTP to HTTPS so the connection stays HTTPS. If the purpose to telling the webserver of client original PORT is to ensure that if any redirect issued by webserver is sent on HTTPS, then i am not sure if x-forwarded-for can help you. May be server team can throw some light on it. If the purpose is just to know the client original port then yes you can do it. Please have a look at "x-forwarded-for" under header-insertion.

Regards,

Kanwal