Forum Discussion

Krys_Frankiewic's avatar
Krys_Frankiewic
Icon for Nimbostratus rankNimbostratus
Mar 19, 2015

X-SSL header value

We are migrting from Cisco ACE to F5. How can I insert request x-ssl on F5? On Cisco I have following entry: action-list type modify http HTTP_X-SSL header insert request X-SSL header-value "decrypted=true,ciphers=TLSv1/SSLv3_RC4-MD5" On F5 I created profile http_ssl and added ":"ciphers=TLSv1/SSLv3_RC4-MD5decrypted=true,ciphers=TLSv1/SSLv3_RC4-MD5 under Request Header Insert. Application still is not accepting my GET.

 

2 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 22, 2015

    so, is the problem bigip does not insert the header or something else?

    request header insert setting looks fine here in my lab.

     config

root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        myhttp { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 19
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile http myhttp
ltm profile http myhttp {
    app-service none
    header-insert X-SSL:decrypted=true,ciphers=TLSv1/SSLv3_RC4-MD5
}

 trace

[root@ve11c:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 192.168.206.47(56746) <-> 172.28.24.10(80)
1427023101.6994 (0.0024)  C>S
---------------------------------------------------------------
GET / HTTP/1.1
Host: 172.28.24.10
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(56746) <-> 200.200.200.101(80)
1427023101.7005 (0.0010)  C>S
---------------------------------------------------------------
GET / HTTP/1.1
Host: 172.28.24.10
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
X-SSL: decrypted=true,ciphers=TLSv1/SSLv3_RC4-MD5

---------------------------------------------------------------
  • Krys_Frankiewic's avatar
    Krys_Frankiewic
    Icon for Nimbostratus rankNimbostratus
    Mar 23, 2015

    My apology, I made a stupid typo in my profile. That's why wasn't working. Instead X-SSL: I typed "." After correction, works as expected. Nothing wrong with F5:)