14-89
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
14






Configuring

Traffic

Policies
Configuring
Actions

Lists
Step
6
Do
one

of

the

following:


Click
Deploy
Now

to

deploy
this

configuration

on

t

he
ACE
and

save

your

entries

t

o

the
running-configuration
and

startup-configuration

files.


Click
Cancel
to
exit

this

procedure

without
saving
your

entries.


Click
Next
to

save

your
entries.
Related
Topics


Setting
Policy

Map

Rules

and
Actions
for
Layer
7
Server

Load-Balancing

Traffic,

page
14-61
,
Ta
b

l

e


14-26
Configuring
SSL

Header

Insertion
Note
This
option
is

available

only

for
the
ACE

module

A2(3.0),

ACE

appliance

A4(1.0),

and

later

releases

of
either
device

t

ype.
You
can

configure

an

HTTP

header

modify

action

list

that

performs

SSL

header

insertion.
When
a

client

sends

encrypted

traffic

to

the

ACE

in

an

SSL

termination

configuration,

the

ACE
terminates
the

SSL

traffic

and

then

sends

clear

text

to

the

server,

which

is

unaware

of

the

encrypted
traffic
flowing

between

the

client

and

the

ACE.

Using

an

action

list

associated

with

a

Layer

7

HTTP
load-balancing
policy

map,

you

can

instruct

the

ACE

to

perform

SSL

HTTP

header

insertion.

The

ACE
provides
the

server

with

the

following

SSL

session

information

by

inserting

HTTP

headers

into

the
HTTP
requests

that

it

receives

over

the

connection:
Ta
b

l

e


14-36
SSL
Action

Configuration

Window

Fields
Header
Action

Field
Description
/

Action
URL
Expression
Field
t

hat

specifies

the

rewriting

of

the

URL

in

the

Location

response

header

based

on

a

U

RL
regular
expression

match.

If

the

URL

in

the

Location

header

matches

the

URL

regular

expression
string
that

you

specify,

the

ACE

rewrites

the

URL

from

http://

to

https://

and

rewrites

the

port
number.
Enter

an

unquoted

text

string

with

no

spaces

and

a

maximum

of

255

alphanumeric
characters.
Alternatively,

you

can

enter

a

text

string

with

spaces

if

you

enclose

the

entire

string

in
quotation
marks

(“).
The
l

ocation

regex

that

you

enter

must

be

a

pur

e

URL

(for

example,

www\.cisco\.com)

with

no
port
or

path

designations.

To

match

a

port,

use

the

SSL

Port

and

Clear

Port

parameters.

If

you

need
to
match

a

path,

use

the

HTTP

header

rewrite

feature

to

rewrite

the

string.

For

information

about
the
HTTP

header

rewrite

feature,

see

the

“Configuring

HTTP

Header

Insertion,

Deletion,

and
Rewrite”
section

on

page

14-85 .
The
ACE

supports

regular

expressions

for

matching.

To

include

spaces

in

the

string,

enclose

the
entire
string

in

quotes.

All

headers

in

the

header

map

must

be

matched.

See

Ta

b

l

e


14-33

for

a

list
of
the

supported

characters

that

you

can

use

in

regular

expressions.
SSL
Port
SSL
port

number

from

which

the

ACE

translates

a

clear

port

number

before

sending

the

server
redirect
response

to

the

client.

Enter

a

value

from

1

to

65535.

The

default

is

443.
Clear
Port
Clear
port

number

to

which

the

ACE

translates

the

SSL

port

number

before

sending

a

server
redirect
response

to

the

client.

Enter

a

value

from

1

to

65535.

The

default

is

80.