Identifying original source thought SSLi.

Can the Thunder ADC 1030 with SSL Inspect to analyze traffic through a proxy informing its original source? For this configuration maybe I can use X-Forwarded-for, I`m not sure if it works.

Could someone help me?

Best Answer

  •[email protected] Member
    Accepted Answer

    Hi oscaroller,

    Firstly, thanks for your help.

    Below the solution proposed for this issue.

    Problem Description:

       Want to include the client IP through SSLi.

    Action Items:

       This can be done by applying an HTTP template to the HTTPs virtual-server port with the option “insert-client-ip”/


    slb template http test

     insert-client-ip X-Forwarded-For

    slb virtual-server ssli acl 101

     port 0 others

       service-group udp



     port 0 tcp

       service-group tcp



     port 0 udp

       service-group udp



     port 443 https

       service-group ssli


       template http test

       template client-ssl ssli_cssl

       no-dest-nat port-translation



  • Hi Philip

    The ways to select the traffic that will be processed by SSLi are:

    1 -> accest-list matches the IPs / ports in the communication.

    2 -> Bypass based on IP-domains-IP-class list, URL categorization, authentication,

    You can do Bypass using the username or the AD group, which basically identifies the user behind the proxy.

    As far as I know, is´t possible use the X-For

    Attach a flow of graphics with processing.


Sign In or Register to comment.