Help
FortiADC
FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.
scheehan_FTNT
Staff
Staff

Created on ‎09-19-2021 09:10 AM Edited on ‎05-26-2022 06:42 AM By Anonymous

Article Id 196560

Technical Tip: How to add WL-proxy-SSL HTTP header for WebLogic server with SSL-Offloading setup

Description
This article describes how to add WL-Proxy-SSL HTTP header to meet case requirement below.

Based on Oracle WebLogic documentation indicates, with proxy-ssl deployment setup in-front of WebLogic server, it requires to have WLProxySSL parameter is set to ON to maintain SSL communication between the plug-in and WebLogic Server when the following conditions exist:
- A HTTP client request specifies the HTTPS protocol.
- The request is passed through one or more proxy servers (including the Oracle WebLogic Server Proxy Plug-In).
- The connection between the plug-in and WebLogic Server uses the HTTP protocol.

Quote directly from.
https://docs.oracle.com/middleware/1221/webtier/develop-plugin/plugin_params.htm#PLGWL4402

General L7 Virtual-Server diagram.


 
 
For more info about Load Balance SSL deployment, please refer to below 'FortiADC Server Load Balance SSL Deployment Guide'.
https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=fortiadc-v600dep...

Additional Information about WLProxySSL Oracle WebLogic Server.
https://www.ateam-oracle.com/ssl-offloading-and-weblogic-server


Solution

The FortiADC 'Content Rewriting' feature was able to facilitate HTTP Header to meet case requirement.
 
Here is the Step by Step guide:
 

1) Navigate to Server Load Balance -> Virtual Server menu.

2) Select 'Content Rewriting' tab.

3) Create new 'Content Rewriting' object.

4) Configure below parameters:
- Action Type: Request.
- Action: Add HTTP Header.
- Header Name: WL-Proxy-SSL.
- Header Value: ON.

Note.
Leave 'Match Condition' empty if case requirement were to match anything.



 
 
If interested to know more about how to configure 'Match Condition'. Refer to below guide for more info.
https://docs.fortinet.com/document/fortiadc/6.1.3/handbook/28253/using-content-rewriting-rules#serve...

After Successful creates 'Content Rewriting' object, it is necessary to assign to respective virtual-server configuration.

Here is the Step by Step guide:
 
1) Navigate to the target virtual-server configuration.
 
2) Toggle enable 'Content Rewriting' option.
 
3) Select interests 'Content Rewriting' object from available item list.
 
 
 
 
Verification.
In order to verify HTTP header were added as expected, it is necessary to perform packet capture for back-end connection towards real-server to verify further.
 
More information about how to perform packet capture can refer to below guide.
https://docs.fortinet.com/document/fortiadc/6.1.3/handbook/212754/packet-capture
 
Diagram below shows HTTP header sent to back-end real-server added with 'WL-Proxy-SSL' HTTP header information.
 
 
Addition information about 'Content Rewriting' feature, refer to below guide.
https://docs.fortinet.com/document/fortiadc/6.1.3/handbook/28253/using-content-rewriting-rules

Note.
This guide were meant to focus on WebLogic case requirement.

 

Labels:
6933
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.