Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Src IP HTTP header insertion problem

I have configured a vserver to loadbalance to 2 proxy servers over TCP port 8080.

I use a policy to insert the source ip address of the client workstation to be

inserted in the HTTP header.

We use the same vserver to loadbalance HTTPS traffix.

Appearantly the CSM also tries to insert the ip address when HTTPS traffic

is passing this vserver.

Is this a correct beheavior? How can I solve this one?

Thanks!

Regards Wim

4 REPLIES
Cisco Employee

Re: Src IP HTTP header insertion problem

are you using the same vserver for both http and https ?

The CSM does not make distinction between http and https.

Therefore, if the https traffic hits a vserver with http header insert turned one, it will try to do so.

You need to split http and https traffic and make sure the vserver handling https is not configured with header insert.

Regards,

Gilles.

Thanks for rating this answer.

Community Member

Re: Src IP HTTP header insertion problem

Ok yes, but a proxyserver which is used for a browser always points to 1 specific IP address en TCP port.

Even if one does HTTP, HTTPs, other ...

So I can't tell the browser to go to ip A for HTTP and to go ip B for HTTPS.

Cisco Employee

Re: Src IP HTTP header insertion problem

Actually mozilla lets you specify different ports for proxy http and proxy https.

Anyway, are the servers behing your CSM proxy servers ?

Do you have 'persistent rebalance" configured ?

If so, could you try to turn do 'no persistent rebalance' and see if that solves your problem.

Normally, https connection via a proxy are still done with HTTP connection with the request "CONNECT x.x.x.x:443" and the CSM should be able to inset the requested info.

But we need to avoid the CSM to inspect further packets as this would be ssl traffic -> so disable peristent rebalance.

Just an idea.

Regards,

Gilles.

Community Member

Re: Src IP HTTP header insertion problem

Unfortunatly our company does not allow any other browser then IE :(

The PROXY server are somewhere in DMZ. Loadbalancer in the internal network. We preform source-NAT when the CSM loadbalances to the proxy servers.

Indeed, persistent rebalance is activated. I 'll try disable this parameter.

Thanks for info!

Wim.

146
Views
0
Helpful
4
Replies
CreatePlease to create content