Advertisement

Powered by Squarespace
Popular Categories
Blog Posts
Discussion Activity
Cisco Live 365

Blog (Broadcast)

Home > Blog

Broadcasting news, tips, and troubleshooting on networking technologies.

 

 

Entries in www (2)

Thursday
Oct302014

Magic cookie to toggle backend server farm from prod to stg

Normally, testing against a staging environment takes place with hostnames for that specific purpose and which differ from the production hostnames.  These hostnames align with different VIPs (Virtual IPs) on a load-balancer to direct the traffic flow to the appropriate backend server farm.  This works well when the client can easily and manually switch the hostname between staging and prod. 
Testing mobile apps and third-party sites that may link back to yours poses an issue:  How do you control the hostname linked to you so it hits your staging environment for testing?  Not easily.  On a desktop or laptop, testers happily </sarcasm> modify their local hosts file to get a production hostname to use the VIP (or IP address) for the staging (STG) environment.

Click to read more ...

Friday
Apr132012

Cisco ACE Module HTTP-to-HTTPS (SSL) Redirection

A simple approach to handle sites that require SSL (HTTPS) encryption is to not allow plain-text HTTP, but that’s not very user-friendly and no one likes having to type extra characters into the browser to indicate HTTPS as the URI scheme.  So the elegant solution for the client-side request is to allow HTTP, but then to redirect all such requests over to SSL.  If you’re doing SSL Acceleration on your ACE load-balancer anyway, your configuration will become simpler in the long-run since you won’t have to maintain as much duplicate configuration to handle different load-balance policies for plain-text HTTP and SSL.

The solution is to create a generic redirect rserver and serverfarm that can be used for any  SSL loadbalance policies.  For web applications that may build absolute paths, the web server may need to know that the client protocol has switched over to SSL so you don’t have needless redirects.  A HTTP Header can be sent in the request toward the web server to inform it of the protocol using the de facto standard header called X-Forwarded-Proto — using the standard Via header is another alternative and will be shown in an example.

Click to read more ...