Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
0
Helpful
1
Replies

help on using insert-http IS_SSL header-value "ssl" command

thiyagarajankalaiselvan
Level 1
Level 1

‎07-21-2013 09:09 PM

Hello All,

Can anybody help me to know more about the command "insert-http IS_SSL header-value "ssl"?

I know the above command ACE inserts a value ssl in the http header from ACE to the back end server.

please throw some ideas/points to understand:

1- Whey we have to use this command SSL temination?

2- If we do not use the command whether the ACE will reply back to the client that session is a HTTP session instead of https session?

3- for which design requirement we have to use this command?

Regards,

Thiyagu

Labels:
0 Helpful
1 Reply 1

ajayku2
Cisco Employee
Cisco Employee

‎07-22-2013 06:14 AM

Hi,

"insert-http IS_SSL header-value "ssl"?

It just indicate that ACE will insert a HTTP header with name "IS_SSL" with a value "ssl"

1- Whey we have to use this command SSL temination? ( Not sure of any command as SSL termincation )

I assume you are asking about command "insert-http"

We use it normally to pass some extra information to the server such as client ip, port etc.

Refer the following link for more details :

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_2_0/configuration/slb/guide/classlb.html#wp1313278

read section :

Configuring HTTP Header Insertion

SSL termination and header insertion are two different things. In case of HTTPS traffic in order to insert a header you need to configure SSL termination.

2- If we do not use the command whether the ACE will reply back to the client that session is a HTTP session instead of https session?

Answer: It is more of server requirement. They may be looking for some specific header and thats the reason you end up configuring "HTTP Header Insertion"

ACE does not take any decision based on header insertion. So ACE will do nothing in this case.

3- for which design requirement we have to use this command?

Specifically when you use client NAT then you need HTTP header insert.

Such as inserting header as "x-forward" to pass client IP address.

The below link explains you the same.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3041.shtml

Hope that helps.

regards,

Ajay Kumar

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents