Translating an F5 rule

Peter Booth Peter_Booth at s5a.com
Tue Mar 19 14:43:12 UTC 2013 

The code does the following:

1. remove an HTTP header named "SWSSLHDR"
2. replaces it with SWSSLHDR: port, where the port is the local port of
the "current context's TCP connection", presumably the port that your F5
virtual server is listening on. 

This is presumably to separate SSL and non SSL traffic , or to allow for
load balancing across websites that are hosted on ports 8080, 8000 or
other nonstandard ports. 

One thought- are you configuring the nginx server to terminate SSL and
then proxy to a single upstream endpoint? Is this the same topology as
the F5 one? Is the entire site SSL or just the login portions?

Peter

-----Original Message-----
From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf
Of WBrown at e1b.org
Sent: Tuesday, March 19, 2013 10:14 AM
To: nginx at nginx.org
Subject: Translating an F5 rule

I am configuring Nginx to sit in front of several IIS web servers to do 
load balancing and SSL signing.  THe IIS application is supplied by an 
outside vendor.  I have the load balancing and SSL signing  working,
with 
one exception.

The login page doesn't work.  :(

When the vendor hosts this application, they use F5 hardware for SSP and

load balancing.  They gave me thisrule that they use in the F5 that I
need 
to translate to nginx-ese:

when HTTP_REQUEST {
HTTP::header remove SWSSLHDR
HTTP::header insert SWSSLHDR [TCP::local_port]
}

Is anyone here familiar w/ F5 hardwaare that can help translate this?


-- 

William Brown
Core Hosted Application Technical Team and Messaging Team
Technology Services, WNYRIC, Erie 1 BOCES
(716) 821-7285




Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or
entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if
this 
message has been addressed to you in error, you are hereby notified that

you may not copy, forward, disclose or use any part of this message or
any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

More information about the nginx mailing list