Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

 

 

 

policy http-header

 

 

 

 

Table 2-3 HTTP Header Insertion Configuration Submode Command Descriptions (continued)

 

 

 

 

 

 

 

 

 

Syntax

Description

 

 

 

 

 

 

 

 

 

client-ip-port

Inserts the client IP address and information about the client port into

 

 

 

 

the HTTP header, allowing the server to see the client IP address and

 

 

 

 

port.

 

 

 

 

 

 

 

 

 

custom custom-string

Inserts the custom-stringheader into the HTTP header.

 

 

 

 

 

 

 

 

 

prefix

Adds the prefix-stringto the HTTP header to enable the server to

 

 

 

 

identify the connections that come from the SSL module, not from other

 

 

 

 

appliances

 

 

 

 

 

 

 

 

 

session

Passes information that is specific to an SSL connection to the back-end

 

 

 

 

server as session headers.

 

 

 

 

 

 

 

 

 

 

 

 

 

Examples

 

This example shows how to enter the HTTP header insertion configuration submode:

 

 

 

ssl-proxy(config)#ssl-proxy context s1

 

 

 

ssl-proxy(config-context)# policy http-header test1

 

 

 

ssl-proxy(config-ctx-http-header-policy)#

 

This example shows how to allow the back-end server to see the attributes of the client certificate that the SSL module has authenticated and approved:

ssl-proxy(config-ctx-http-header-policy)# client-certssl-proxy(config-ctx-http-header-policy)#

This example shows how to insert the client IP address and information about the client port into the HTTP header, allowing the server to see the client IP address and port:

ssl-proxy(config-ctx-http-header-policy)# client-ip-portssl-proxy(config-ctx-http-header-policy)#

This example shows how to insert the custom-string header into the HTTP header:

ssl-proxy(config-ctx-http-header-policy)# custom "SOFTWARE VERSION:3.1(1)" ssl-proxy(config-ctx-http-header-policy)# custom "module:SSL MODULE - CATALYST 6500" ssl-proxy(config-ctx-http-header-policy)# custom type-of-proxy:server_proxy_1024_bit_key_sizessl-proxy(config-ctx-http-header-policy)#

This example shows how to add the prefix-string into the HTTP header:

ssl-proxy(config-ctx-http-header-policy)# prefix SSL-OFFLOADssl-proxy(config-ctx-http-header-policy)#

This example shows how to pass information that is specific to an SSL connection to the back-end server as session headers:

ssl-proxy(config-ctx-http-header-policy)# session ssl-proxy(config-ctx-http-header-policy)#

This example shows how to create a header alias for the standard “session-cipher-name” header:

ssl-proxy(config-ctx-http-header-policy)#alias My-Session-Cipher session-cipher-name

Catalyst 6500 Series Switch SSL Services Module Command Reference

 

OL-9105-01

2-37

 

 

 

Page 63
Image 63
Cisco Systems 6500 Client-ip-port, Custom custom-string, Inserts the custom-stringheader into the Http header, Prefix