New Member

x-forwarded-proto: is it possible on ACE?

Hi,

Referring to the previous request: https://supportforums.cisco.com/discussion/12346961/ace-ssl-terminator-doesnt-work#comment-10063251

Briefly:

Public IP 22.235.121.6 port 80 --> balanced on 192.168.250.165-166 on port 8889

Public IP 22.235.121.6 port 443 --> my ACE terminates SSL and balances the traffic in clear text to 192.168.250.165-166 on port 8889

 

The sysadmin added a new problem:

The real server now receives all packets in HTTP. Is it possible to configure x-forwarded-proto on the LB so that the real server is able to understand whether a request originated from HTTP or HTTPS?

I didn't find an official document in the Cisco ACE documentation. Can anyone help me?

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi,

You can use the x-forwarded-proto on L7 policy map:

Admin(config-pmap-lb-c)# insert-http X-Forwarded-Proto header-value "%pd"

or create an action list and associate the action list with the policy:

 header insert request X-Forwarded-Proto header-value "%pd"

%is is for client IP; similarly, you can add source port as well.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

 


New Member

It's working, thanks, but the real server now receives port 443. This is a problem from the application's point of view, which should receive https.

In the end:

Is it possible to send https to the real server instead of 443?

Cisco Employee

Hi,

I didn't get the question. The x-fwd-proto will send the original destination port on which the client came. Was that your requirement, or something else?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

New Member

My sysadmin raised this concern. In the x-fwd-proto header, instead of putting 443, is it possible to put https?

I don't know how the application on the server works, but this is the request. It looks a bit weird, I know. Anyway, I can say it is not possible to change 443 to https, because from a network point of view it doesn't make sense.

 

Thanks
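
An added example, not part of the thread or of Cisco's documentation: one way for the application on the real server to accept the port value that "%pd" inserts (443) as https, while honouring the header only on connections that come from the load balancer. TRUSTED_PROXIES, its address, and the function name original_scheme are assumptions made for illustration.

```python
import ipaddress

# Assumption: the address the load balancer uses to reach the real servers
# (constructed value; the thread does not state it).
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.250.1/32")]

# "%pd" places the destination port in the header, so the two ports
# from the thread are mapped to the scheme the application expects.
PORT_TO_SCHEME = {"80": "http", "443": "https"}


def original_scheme(peer_ip, header_values, default="http"):
    """Return 'http' or 'https' for a request relayed by the load balancer.

    peer_ip: source address of the TCP connection to the real server.
    header_values: every X-Forwarded-Proto value present on the request.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # Not from the load balancer: anyone could have set the header.
        return default

    schemes = set()
    for raw in header_values:
        for item in raw.split(","):
            token = item.strip().lower()
            token = PORT_TO_SCHEME.get(token, token)
            if token not in ("http", "https"):
                raise ValueError(f"unexpected X-Forwarded-Proto value: {item!r}")
            schemes.add(token)

    if not schemes:
        return default
    if len(schemes) > 1:
        # For example, a client-supplied value next to the inserted one.
        raise ValueError("conflicting X-Forwarded-Proto values")
    return schemes.pop()
```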
