Chapter 3 Commands Specific to the Content Switching Module with SSL

ssl-proxy policy http-header

ssl-proxy policy http-header

To enter the HTTP header insertion configuration submode, use the ssl-proxy policy http-headercommand.

ssl-proxy policy http-header http-header-policy-name

Syntax Description

 

http-header-policy-name

HTTP header policy name.

 

 

 

 

Defaults

 

This command has no default settings.

Command Modes

Command History

Global configuration

Release

Modification

SSL Services Module

Support for this command was introduced on the Catalyst 6500 series

Release 2.1(1)

switches.

 

 

CSM-S release 1.1(1)

This command was introduced.

 

 

Usage Guidelines In HTTP header insertion configuration submode, you can define the HTTP header insertion content policy that is applied to the payload.

HTTP header insertion allows you to insert additional HTTP headers to indicate to the real server that the connection is actually an SSL connection. These headers allows server applications to collect correct information for each SSL session and/or client.

You can insert these header types:

Client Certificate—Client certificate header insertion allows the back-end server to see the attributes of the client certificate that the SSL module has authenticated and approved. When you specify client-cert, the SSL module passes the following headers to the back-end server:

Client IP and Port Address—Network address translation (NAT) removes the client IP address and port information. When you specify client-ip-port, the SSL module inserts the client IP address and information about the client port into the HTTP header, allowing the server to see the client IP address and port.

Custom—When you specify custom custom-string, the SSL module inserts the user-defined header into the HTTP header.

Prefix—When you specify prefix prefix-string, the SSL module adds the specified prefix into the HTTP header to enable the server to identify that the connections are coming from the SSL module, not from other appliances.

SSL Session—Session headers, including the session ID, are used to cache client certificates that are based on the session ID. The session headers are also cached on a session basis if the server wants to track connections that are based on a particular cipher suite. When you specify session, the SSL module passes information that is specific to an SSL connection to the back-end server as session headers.

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

3-54

OL-7029-01

 

 

Page 276
Image 276
Cisco Systems OL-7029-01 manual Ssl-proxy policy http-header http-header-policy-name