Description
This article describes how to add WL-Proxy-SSL HTTP header to meet case requirement below.
Based on Oracle WebLogic documentation indicates, with proxy-ssl deployment setup in-front of WebLogic server, it requires to have WLProxySSL parameter is set to ON to maintain SSL communication between the plug-in and WebLogic Server when the following conditions exist:
- A HTTP client request specifies the HTTPS protocol.
- The request is passed through one or more proxy servers (including the Oracle WebLogic Server Proxy Plug-In).
- The connection between the plug-in and WebLogic Server uses the HTTP protocol.
Quote directly from.
https://docs.oracle.com/middleware/1221/webtier/develop-plugin/plugin_params.htm#PLGWL4402
General L7 Virtual-Server diagram.
For more info about Load Balance SSL deployment, please refer to below 'FortiADC Server Load Balance SSL Deployment Guide'.
https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=fortiadc-v600dep...
https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=fortiadc-v600dep...
Additional Information about WLProxySSL Oracle WebLogic Server.
https://www.ateam-oracle.com/ssl-offloading-and-weblogic-server
Solution
The FortiADC 'Content Rewriting' feature was able to facilitate HTTP Header to meet case requirement.
Here is the Step by Step guide:
1) Navigate to Server Load Balance -> Virtual Server menu.
2) Select 'Content Rewriting' tab.
3) Create new 'Content Rewriting' object.
4) Configure below parameters:
- Action Type: Request.
- Action: Add HTTP Header.
- Header Name: WL-Proxy-SSL.
- Header Value: ON.
Note.
Leave 'Match Condition' empty if case requirement were to match anything.
If interested to know more about how to configure 'Match Condition'. Refer to below guide for more info.
https://docs.fortinet.com/document/fortiadc/6.1.3/handbook/28253/using-content-rewriting-rules#serve...
After Successful creates 'Content Rewriting' object, it is necessary to assign to respective virtual-server configuration.
Here is the Step by Step guide:
https://docs.fortinet.com/document/fortiadc/6.1.3/handbook/28253/using-content-rewriting-rules#serve...
After Successful creates 'Content Rewriting' object, it is necessary to assign to respective virtual-server configuration.
Here is the Step by Step guide:
1) Navigate to the target virtual-server configuration.
2) Toggle enable 'Content Rewriting' option.
3) Select interests 'Content Rewriting' object from available item list.
Verification.
In order to verify HTTP header were added as expected, it is necessary to perform packet capture for back-end connection towards real-server to verify further.
In order to verify HTTP header were added as expected, it is necessary to perform packet capture for back-end connection towards real-server to verify further.
More information about how to perform packet capture can refer to below guide.
https://docs.fortinet.com/document/fortiadc/6.1.3/handbook/212754/packet-capture
https://docs.fortinet.com/document/fortiadc/6.1.3/handbook/212754/packet-capture
Diagram below shows HTTP header sent to back-end real-server added with 'WL-Proxy-SSL' HTTP header information.
https://docs.fortinet.com/document/fortiadc/6.1.3/handbook/28253/using-content-rewriting-rules
Note.
This guide were meant to focus on WebLogic case requirement.
