Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

How to Filter Initial Client HTTP Headers on a CSS11506 SSL module

Is there any way to filter the initial client headers on a css11506 ssl module ?? (software version 8.1)

This is one of the default options on the "old" SCA11000 appliances.

3 REPLIES
New Member

Re: How to Filter Initial Client HTTP Headers on a CSS11506 SSL

Jaap,

In what way do you wish to filter the headers? You can use header field groups to load balance based on most headers that clients can send. When using an SSL module, you can also insert SSL specific headers into requests and responses.

Peter

New Member

Re: How to Filter Initial Client HTTP Headers on a CSS11506 SSL

Peter,

I thought that SSL filtering on anything above layer 4 was impossible for SSL because the payload is encrypted? Or are you refering to a HTTPS to HTTP redirect, with filters on the cleartext side of the conversation?

Thanks,

Douglas

Cisco Employee

Re: How to Filter Initial Client HTTP Headers on a CSS11506 SSL

Douglas, with an SSL module, the CSS can decrypt HTTPS traffic and see the cleartext HTTP traffic.

We can then apply any rules to the header.

I think in this case, the question refered to some data injected in the http header by the CSS and filter what data from the client certificate should be dropped or inserted.

We currently do not have this option on the CSS.

Gilles.

108
Views
0
Helpful
3
Replies
CreatePlease to create content