beautypg.com

Damaging a cookie, Inserting an ip address in a header – Brocade Virtual ADX Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual

Page 271

background image

Brocade Virtual ADX Server Load Balancing Guide

255

53-1003247-01

Layer 7 content switching

5

Damaging a cookie

Cookie damage consists of altering the cookie header so that it does not contain any cookie that
matches the name of the cookie inserted by the Brocade Virtual ADX.

For example, the following command causes the Brocade Virtual ADX to damage the cookie
indicated by the rewrite insert-cookie command in the HTTP response when rule r1 is matched.

Virtual ADX(config-csw-policy1)#match r1 rewrite destroy-cookie

Syntax: [no] match rule-name rewrite destroy-cookie

Inserting an HTTP header

HTTP header insertion causes the Brocade Virtual ADX to insert a header into the HTTP requests
that it receives on a virtual server or into the HTTP responses that it sends out from a virtual server.
The header is specified within the CSW match command using the request-insert parameter (for
HTTP requests) or the response-insert parameter (for HTTP responses).

To cause the Brocade Virtual ADX to insert a standard HTTP “Via:” header into HTTP requests
matching rule r1, enter the following command.

Virtual ADX(config-csw-p1)#match r1 rewrite request-insert header "Via:

Brocade

Virtual ADX

"

To cause the Brocade Virtual ADX to insert the header "Brocade Virtual ADX: proto=HTTP+MMS"
into the HTTP responses (matching rule r1) that it sends from the virtual server, enter the following
command.

Virtual ADX(config-csw-policy1)#match r1 rewrite response-insert header "

Brocade

Virtual ADX

: proto=HTTP+MMS"

Syntax: [no] match rule-name rewrite response-insert header header

The header variable specifies the string that will be inserted.

Inserting an IP address in a header

HTTP Header insertion can direct the Brocade Virtual ADX to insert the Client IP address into the
HTTP requests it receives on a virtual server that matches a CSW rule you define.

This feature can be useful in situations where Source Network Address Translation (source NAT) is
enabled on a Brocade Virtual ADX. With Source NAT enabled, original source IP addresses are
translated into one common IP address. As a result, servers are unable to identify clients by their
original source IP addresses. In some cases, the real source IP addresses of the clients may be
necessary; for example, for server applications to report statistics, or for web administrators who
may need to know the real source IP addresses of the clients in order to secure the system.

You can use the HTTP header insertion feature to insert the original source IP address into the
HTTP request. Servers are then able to identify clients by their original source IP addresses.

To cause the Brocade Virtual ADX to insert the IP address of the connecting client into HTTP
requests matching rule r1, enter the following command.

Virtual ADX(config-csw-policy1)#match r1 rewrite request-insert client-ip

"MyClientIP"

Syntax: [no] match rule-name rewrite request-insert client-ip header

See also other documents in the category Brocade Computer Accessories: