Forum Discussion
ac32f5_4938
Feb 09, 2011Nimbostratus
Migrating from CSS to F5
Hello All- We are in the process of migrating from CSS to F5. We termiate ssl on CSS and have the following addition config to insert ssl session info in the http header back to the web server. CSS to web server is http in this case and ssl terminates on the css
ssl-server 20 http-header session <---insert ssl session info (not sure what info exactly, can't find more info on cisco site)
and
ssl-server 20 http-header insert-per-request
i can't figure out how this translates to f5. i tried this irule and it didn't work, so it's probably more than just the session id that it's looking for.
when HTTP_REQUEST {
HTTP::header insert [SSL::modssl_sessionid_headers]
}
does anyone has any idea how to do this?
Thanks
Andy
- Chris_MillerAltostratusExactly what SSL info are you trying to insert?
- ac32f5_4938Nimbostratuswhatever is currently being inserted, i need to insert the exact same info..
- Chris_MillerAltostratusJust to make sure, you're terminating SSL (using a client SSL profile) on your F5 Virtual Server, right? The iRule you tried definitely seems to be on the right track.
- ac32f5_4938Nimbostratusyes we are terminating on F5. this iRule only inserts session_id..i have to figure out how to insert the rest..
- Chris_MillerAltostratusYou can use SSL::cipher for name, key size, and version.
when HTTP_REQUEST { HTTP::header insert [SSL::modssl_sessionid_headers] HTTP::header insert CipherName [SSL::cipher name] HTTP::header insert CipherVersion [SSL::cipher version] HTTP::header insert CipherKeySize [SSL::cipher bits] }
- ac32f5_4938Nimbostratusi'll give it a shot..
- Chris_MillerAltostratusPosted By ac32f5 on 02/10/2011 03:17 PM
- ac32f5_4938Nimbostratusnope...working with the developers to see what they are expecting..
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects