Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 12 Configuring Traffic Policies
Configuring Actions Lists
Configuring SSL Header Insertion
Note: The SSL Header Insertion feature does not apply to the ACE NPE software version (see the “Information
About the ACE No Payload Encryption Software Version” section on page 1-2).
You can configure an HTTP header modify action list that performs SSL header insertion.
When a client sends encrypted traffic to the ACE in an SSL termination configuration, the ACE
terminates the SSL traffic and then sends clear text to the server, which is unaware of the encrypted
traffic flowing between the client and the ACE. Using an action list associated with a Layer 7 HTTP
load-balancing policy map, you can instruct the ACE to perform SSL HTTP header insertion. The ACE
provides the server with the following SSL session information by inserting HTTP headers into the
HTTP requests that it receives over the connection:
  • Session Parameters—SSL session parameters that the ACE and client negotiate during the SSL
    handshake.
  • Server Certificate Fields—Information regarding the SSL server certificate that resides on the ACE.
  • Client Certificate Fields—Information regarding the SSL client certificate that the ACE retrieves
    from the client when you configure the ACE to perform client authentication.
Note: To prevent HTTP header spoofing, the ACE deletes any incoming HTTP headers that match one of the
headers that it is going to insert into the HTTP request.
By default, the ACE inserts the SSL header information only into the first HTTP request that it receives
over the connection. When the ACE and client need to renegotiate their connection, the ACE updates
the HTTP header information that it sends to the server to reflect the new session parameters. You can
also instruct the ACE to insert the session information into every HTTP request that it receives over the
connection by creating an HTTP parameter map with either the Header Modify Per-Request or HTTP
Persistence Rebalance options enabled (see the “Configuring HTTP Parameter Maps” section on
page 8-2).
Note: The maximum amount of data that the ACE can insert is 512 bytes. The ACE truncates the data if it
exceeds this limit.
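The strip-then-insert behavior described in the notes above, modeled as an added Python sketch that is not part of the Cisco guide or of the ACE software. The header names, the sample values, and the reading of the 512-byte limit as a total over all inserted header lines are assumptions made for the illustration.

```python
# Added illustration of the behavior the guide describes; not ACE code.
# Header names and values below are constructed placeholders.

MAX_INSERT_BYTES = 512  # limit stated in the guide


def insert_ssl_headers(incoming, ssl_info, limit=MAX_INSERT_BYTES):
    """Return (headers, truncated) for the request forwarded to the server.

    incoming: list of (name, value) pairs received from the client.
    ssl_info: dict of header name -> value the SSL terminator will insert.
    """
    to_insert = {name.lower() for name in ssl_info}
    # 1. Delete any client-supplied header that matches one about to be
    #    inserted. HTTP header names are case-insensitive, so compare lowercased.
    forwarded = [(n, v) for n, v in incoming if n.lower() not in to_insert]

    # 2. Insert the terminator's own values within the byte budget.
    #    Assumption: the limit counts every "Name: value\r\n" line in total.
    used, truncated = 0, False
    for name, value in ssl_info.items():
        overhead = len(name.encode()) + len(b": \r\n")
        room = limit - used - overhead
        if room <= 0:
            truncated = True
            break
        raw = value.encode()
        if len(raw) > room:
            raw, truncated = raw[:room], True
        forwarded.append((name, raw.decode(errors="ignore")))
        used += overhead + len(raw)
    return forwarded, truncated


def demo():
    """Constructed request carrying a client-supplied copy of an inserted header."""
    client_request = [
        ("Host", "app.example.test"),
        ("x-ssl-clientcert-subject-cn", "admin"),  # supplied by the client
        ("User-Agent", "example-client/1.0"),
    ]
    negotiated = {  # values the terminator derived from the SSL session
        "X-SSL-Session-Cipher": "constructed-cipher-name",
        "X-SSL-ClientCert-Subject-CN": "alice",
    }
    return insert_ssl_headers(client_request, negotiated)
```

The truncated flag matters on the server side: a certificate field cut at the limit is no longer the value the client presented.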
Procedure
Step 1  Choose Config > Virtual Contexts > context > Expert > HTTP Header Modify Action Lists.
        The HTTP Header Modify Action Lists table appears.
Step 2  In the HTTP Header Modify Action Lists table, do one of the following:
          • To add a new action list, click Add. In the Action List Name field, enter a unique name for the action
            list. Valid entries are unquoted text strings with a maximum of 64 alphanumeric characters. Click
            Deploy Now when completed to save the configuration and display the editing tabs.
          • To edit an existing action list, choose the action list and click Edit to display the editing tabs.
Step 3  Click the SSL Header Insert tab.
        The SSL Header Insert table appears.
Step 4  In the SSL Header Insert table, click Add to add a new entry to the SSL Header Insert table.