Forum Discussion

Chris_Miller's avatar
Icon for Altostratus rankAltostratus
May 01, 2011

Modify HTTP Request to Clone Pool

We've been talking about this a bit internally but I thought I'd see if anyone on DC had any additional thoughts.



Situation - You must send traffic to your pool members over SSL while sending clear-text to your IDS. This is easy enough using the "virtual" command where your clone pool is attached to the first virtual (just client SSL profile) and your default pool is attached to your second virtual (listens on port 80, just has server ssl profile to encrypt traffic to pool.




Challenge - People post login credentials to your site and you don't want your IDS to see them as they'll be in clear-text. You still want to see the POST, but without a certain string of characters. You obviously need the original request to be sent to your default pool though so users are able to login.






1 Reply

  • That's an interesting challenge.



    Traffic to a Clone Pool is supposed to be an exact copy of what is sent to the Target Servers and an exact copy of the response from the Target Servers back to the client by sending the traffic to two MAC Addresses rather than one.



    I'm not sure that you can change one without affecting the other.



    If you don't get any leads here and open up a case can you post their response in this thread?