How to use ESP with a non-standard port
Information
Summary: |
We will cover how to properly authenticate against a Virtual Service (VS) using a port other than 80 or 443. Ordinarily, this will result in an authentication loop. |
Environment: |
Product: LoadMaster Version: Any Platform: Any Application: Any web-based application |
Question/Problem Description: |
How can I use ESP on a Virtual Service using a port other than 80 or 443? |
Steps to Reproduce: |
Create a VS using a non-standard HTTP(S) port Add a real server. Ensure the VS works without ESP enabled. Configure and enable ESP on the VS. Test to the VS. |
Error Message: | |
Defect Number: | |
Enhancement Number: | |
Cause: | |
Resolution: |
1. Add a SubVS on the Virtual Service. Note: if real servers are already present, then they must be deleted. If ESP is already present, please remove it from the parent-level VS. 2. Create Content Rules by navigating to Rules & Checking > Content Rules > Add New to create two rules: one to delete the non-standard port of the VS in question and the other to re-add the non-standard port of the VS. 3. Navigate to Virtual Services > View/Modify Services > modify your VS with a non-standard port > Advanced Properties > HTTP Header Modifications. Add your "Remove_Port" rule as a Request Rule. Add your "Reinsert_Port" rule as a Response Rule. 4. Apply ESP and your real servers on the SubVS as normal. Note, the Allowed Virtual Host should be replaced with the FQDN/hostname that resolves to the VS. 5. You will now be able to use ESP on your non-standard port. |
Workaround: | |
Notes: |
https://support.kemptechnologies.com/hc/en-us/articles/6600387836173-Edge-Security-Pack-ESP- https://support.kemptechnologies.com/hc/en-us/articles/6600356067341-Content-Rules |