Support User Manuals

Cisco Systems 6500 Switch User Manual

Open as PDF

of 160

2-37

Catalyst 6500 Series Switch SSL Services Module Command Reference

OL-9105-01

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

policy http-header

Examples This example shows how to enter the HTTP header insertion configuration submode:

ssl-proxy(config)# ssl-proxy context s1

ssl-proxy(config-context)# policy http-header test1

ssl-proxy(config-ctx-http-header-policy)#

This example shows how to allow the back-end server to see the attributes of the client certificate that

the SSL module has authenticated and approved:

ssl-proxy(config-ctx-http-header-policy)# client-cert

ssl-proxy(config-ctx-http-header-policy)#

This example shows how to insert the client IP address and information about the client port into the

HTTP header, allowing the server to see the client IP address and port:

ssl-proxy(config-ctx-http-header-policy)# client-ip-port

ssl-proxy(config-ctx-http-header-policy)#

This example shows how to insert the custom-string header into the HTTP header:

ssl-proxy(config-ctx-http-header-policy)# custom "SOFTWARE VERSION:3.1(1)"

ssl-proxy(config-ctx-http-header-policy)# custom "module:SSL MODULE - CATALYST 6500"

ssl-proxy(config-ctx-http-header-policy)# custom

type-of-proxy:server_proxy_1024_bit_key_size

ssl-proxy(config-ctx-http-header-policy)#

This example shows how to add the prefix-string into the HTTP header:

ssl-proxy(config-ctx-http-header-policy)# prefix SSL-OFFLOAD

ssl-proxy(config-ctx-http-header-policy)#

This example shows how to pass information that is specific to an SSL connection to the back-end server

as session headers:

ssl-proxy(config-ctx-http-header-policy)# session

ssl-proxy(config-ctx-http-header-policy)#

This example shows how to create a header alias for the standard “session-cipher-name” header:

ssl-proxy(config-ctx-http-header-policy)# alias My-Session-Cipher session-cipher-name

client-ip-port Inserts the client IP address and information about the client port into

the HTTP header, allowing the server to see the client IP address and

port.

custom custom-string Inserts the custom-string header into the HTTP header.

prefix Adds the prefix-string to the HTTP header to enable the server to

identify the connections that come from the SSL module, not from other

appliances

session Passes information that is specific to an SSL connection to the back-end

server as session headers.

Table 2-3 HTTP Header Insertion Configuration Submode Command Descriptions (continued)

Syntax Description

previous next