Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

policy http-header

policy http-header

Syntax Description

Defaults

Command Modes

To enter the HTTP header insertion configuration submode, use the policy http-headercommand.

policy http-headerhttp-header-policy-name

http-header-policy-name

HTTP header policy name.

 

 

This command has no default settings.

Context subcommand mode

Command History

 

Release

Modification

 

 

 

SSL Services Module

Support for this command was introduced on the Catalyst 6500 series

 

 

Release 2.1(1)

switches.

 

 

 

 

 

 

SSL Services Module

The policy http-headercommand (entered in context subcommand

 

 

 

Release 3.1(1)

mode) replaces the ssl-proxy policy http-headercommand (entered in

 

 

 

global subcommand mode).

 

 

 

This command was changed to add the following submode commands:

 

 

 

client-cert pem

 

 

 

alias

 

 

 

 

 

 

 

 

 

Usage Guidelines

 

In HTTP header insertion configuration submode, you can define the HTTP header insertion content

 

 

policy that is applied to the payload.

HTTP header insertion allows you to insert additional HTTP headers to indicate to the real server that the connection is actually an SSL connection. These headers allow server applications to collect correct information for each SSL session and/or client.

You can insert these header types:

Client Certificate—Client certificate header insertion allows the back-end server to see the attributes of the client certificate that the SSL module has authenticated and approved. When you specify client-cert, the SSL module passes the following headers to the back-end server:

Field To Insert

Description

 

 

ClientCert-Valid

Certificate validity state

 

 

ClientCert-Error

Error conditions

 

 

ClientCert-Fingerprint

Hash output

 

 

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-34

OL-9105-01

 

 

Page 60
Image 60
Cisco Systems 6500 manual Policy http-header, Client-cert pem, Alias, Policy that is applied to the payload