Forum Discussion

ac32f5_4938's avatar
ac32f5_4938
Icon for Nimbostratus rankNimbostratus
Feb 09, 2011

Migrating from CSS to F5

Hello All- We are in the process of migrating from CSS to F5. We termiate ssl on CSS and have the following addition config to insert ssl session info in the http header back to the web server. CSS to web server is http in this case and ssl terminates on the css

 

 

ssl-server 20 http-header session <---insert ssl session info (not sure what info exactly, can't find more info on cisco site)

 

and

 

ssl-server 20 http-header insert-per-request

 

i can't figure out how this translates to f5. i tried this irule and it didn't work, so it's probably more than just the session id that it's looking for.

 

 

when HTTP_REQUEST {

 

HTTP::header insert [SSL::modssl_sessionid_headers]

 

}

 

 

does anyone has any idea how to do this?

 

 

Thanks

 

Andy
config
design

8 Replies

Sort By
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Feb 10, 2011
    Exactly what SSL info are you trying to insert?

     

     

    Based on this cisco doc:

     

     

    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/ssl/guide/terminat.htmlwpmkr1031927

     

     

    Looks like you're currently inserting "cipher name, cipher key size, cipher use size, session protocol version, sessionid, and session verify result?"
  • ac32f5_4938's avatar
    ac32f5_4938
    Icon for Nimbostratus rankNimbostratus
    Feb 10, 2011
    whatever is currently being inserted, i need to insert the exact same info..
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Feb 10, 2011
    Just to make sure, you're terminating SSL (using a client SSL profile) on your F5 Virtual Server, right? The iRule you tried definitely seems to be on the right track.
  • ac32f5_4938's avatar
    ac32f5_4938
    Icon for Nimbostratus rankNimbostratus
    Feb 10, 2011
    yes we are terminating on F5. this iRule only inserts session_id..i have to figure out how to insert the rest..
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Feb 14, 2011
    Posted By ac32f5 on 02/10/2011 03:17 PM

     

    i'll give it a shot..

     

    Any luck?