Jump to content
Welcome to our new Citrix community!

SSL Bridge - Header client-ip


Angelo Pollastro

Recommended Posts

Hi All,

i have a citrix adc NS13.0 67.39.nc.

I have configured http and https service group, in HTTP i have check the option "Header" ad put inside client-ip and works correctly, the source ip arrives in the header at the backend. When I configure the service group with ssl_bridge (HTTPS) with the same parameters, the IP of the requesting client is not passed in the header field, I think because there is no certificate that does ssl off loading to decrypt the session.

How can I do, in a simple way (I'm a neophyte of netscaler) to pass with ssl_bridge the ip of the person making the request to the backend??

 

Thx in advanced

regards

 

Angelo

header.png

Link to comment
Share on other sites

USIP preserves the originating client ip at Layer 3 and passes it as the source IP to the backend.  Off the top of my head, I can't recall if it can or can't be used with ssl bridge traffic.  But if so, that is probably the only way to pass source ip to backend, while still doing ssl bridge.

 

For SSL Termination, For web traffic, you can do header insertion via service property, rewrite policy, or lb profile...

 

IF you need to log the originating ip, but don't need the backend server to see it in transaction, you could try NSWL for web transaction logging, but I don't know if it captures the source ip for ssl bridge or not.   But this will just be a web transaction file that can be reviewed, but it won't be seen by the backend server.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...