Can the Thunder ADC 1030 with SSL Inspect to analyze traffic through a proxy informing its original source? For this configuration maybe I can use X-Forwarded-for, I`m not sure if it works.
Could someone help me?
Hi Philip
The ways to select the traffic that will be processed by SSLi are:
1 → accest-list matches the IPs / ports in the communication.
2 → Bypass based on IP-domains-IP-class list, URL categorization, authentication,
You can do Bypass using the username or the AD group, which basically identifies the user behind the proxy.
As far as I know, is´t possible use the X-For
Attach a flow of graphics with processing.
Regards.
Hi oscaroller,
Firstly, thanks for your help.
Below the solution proposed for this issue.
Problem Description:
Want to include the client IP through SSLi.
Action Items:
This can be done by applying an HTTP template to the HTTPs virtual-server port with the option “insert-client-ip”/
Ex:
slb template http test
insert-client-ip X-Forwarded-For
slb virtual-server ssli 0.0.0.0 acl 101
port 0 others
service-group udp
use-rcv-hop-for-resp
no-dest-nat
port 0 tcp
service-group tcp
use-rcv-hop-for-resp
no-dest-nat
port 0 udp
service-group udp
use-rcv-hop-for-resp
no-dest-nat
port 443 https
service-group ssli
use-rcv-hop-for-resp
template http test
template client-ssl ssli_cssl
no-dest-nat port-translation
Regards.