Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

help on using insert-http IS_SSL header-value "ssl" command

Hello All,

Can anybody help me to know more about the command "insert-http IS_SSL header-value "ssl"?

I know the above command ACE inserts a value ssl in the http header from ACE to the back end server.

please throw some ideas/points to understand:

1- Whey we have to use this command SSL temination?

2- If we do not use the command whether the ACE will reply back to the client that session is a HTTP session instead of https session?

3- for which design requirement we have to use this command?

Regards,

Thiyagu

1 REPLY
Cisco Employee

help on using insert-http IS_SSL header-value "ssl" command

Hi,

"insert-http IS_SSL header-value "ssl"?

It just indicate that ACE will insert a HTTP header with name "IS_SSL" with a value "ssl"

1- Whey we have to use this command SSL temination? ( Not sure of any command as SSL termincation )

I assume you are asking about command "insert-http"

We use it normally to pass some extra information to the server such as client ip, port etc.

Refer the following link for more details :

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_2_0/configuration/slb/guide/classlb.html#wp1313278

read section :

Configuring HTTP Header Insertion

SSL termination and header insertion are two different things. In case of HTTPS traffic in order to insert a header you need to configure SSL termination.

2- If we do not use the command whether the ACE will reply back to the client that session is a HTTP session instead of https session?

Answer: It is more of server requirement. They may be looking for some specific header and thats the reason you end up configuring "HTTP Header Insertion"

ACE does not take any decision based on header insertion. So ACE will do nothing in this case.

3- for which design requirement we have to use this command?

Specifically when you use client NAT then you need HTTP header insert.

Such as inserting header as "x-forward" to pass client IP address.

The below link explains you the same.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3041.shtml

Hope that helps.

regards,

Ajay Kumar

767
Views
0
Helpful
1
Replies
CreatePlease to create content