Specifications

Proxies
BIG-IP® Reference Guide 4 - 105
To advertise a list of trusted CAs using the Configuration utility
1. In the navigation pane, click Proxies.
2. Click the Add button.
3. In the Client Certificate CA File box, select a file name from the
box, or type the certificate CA file name.
4. Click Done.
To advertise a list of trusted CAs from the command line
To configure the proxy to send a list of trusted CAs to a client from the
command line, type the bigpipe proxy command, using the following
arguments:
b proxy <ip>:<service> [clientssl] client cert ca <clientside client cert CA file name>
Rewriting HTTP redirection
When a client request is redirected from the HTTPS to the HTTP protocol,
an SSL proxy can rewrite that redirection to HTTPS. (Specifically, this
applies to HTTP responses 301, 302, 303, 305, and 307.) This ability of the
SSL proxy to rewrite HTTP redirections provides additional security by
ensuring that client requests remain on a secure channel.
Another benefit of the ability to rewrite HTTP redirection pertains to IIS and
Netscape web-server environments. Prior to this feature, a web server
running IIS or Netscape would redirect a request incorrectly if the original
request included a malformed directory name (without a trailing slash [/]).
The ability of an SSL proxy to rewrite such a redirection solves this
problem.
Note
If your web server is an IIS server, you can configure that server, instead of
the SSL proxy, to handle any rewriting of HTTP redirections. To solve the
problem described above, you can install a special BIG-IP file,
redirectfilter.dll, on your IIS server. For more information, see Rewriting
HTTP redirection, on page 4-41.
Note that the rewriting of any redirection only takes place in the HTTP
Location header of the redirection response, and not in any content of the
redirection.
This rewrite feature can rewrite the protocol name and the port number.
Optionally, you can specify how the proxy should handle URIs during a
rewrite.
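
The rewrite described above, as an added Python sketch (not F5 code and not part of the original guide): it changes only the Location header of 301, 302, 303, 305 and 307 responses, rewriting the protocol name and the port number. The function names, the http_port/https_port mapping, and the choice to leave relative targets and unmapped ports alone are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit

# Status codes the guide lists as subject to rewriting.
REDIRECT_CODES = {301, 302, 303, 305, 307}


def rewrite_redirect(status, headers, http_port=80, https_port=443):
    """Return a copy of headers with an http:// Location moved to https://.

    headers is a list of (name, value) tuples. Only the Location header is
    touched; the response body is never inspected. The port mapping is an
    assumption of this sketch, not documented BIG-IP behaviour.
    """
    if status not in REDIRECT_CODES:
        return list(headers)
    return [(n, to_https(v, http_port, https_port) if n.lower() == "location" else v)
            for n, v in headers]


def to_https(location, http_port=80, https_port=443):
    """Rewrite the protocol name and, for the mapped port, the port number."""
    try:
        parts = urlsplit(location)
        port = parts.port or 80
    except ValueError:
        return location  # unparsable target: pass through unchanged
    # Relative and already-https targets keep the client on its current channel.
    if parts.scheme.lower() != "http" or not parts.hostname:
        return location
    host = parts.hostname
    if ":" in host:  # IPv6 literal needs its brackets back
        host = "[" + host + "]"
    if port == http_port:
        netloc = host if https_port == 443 else f"{host}:{https_port}"
    else:
        netloc = f"{host}:{port}"  # unmapped port: change the protocol name only
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample response headers from a back-end web server.
    sample = [("Location", "http://www.example.com/dir/"), ("Content-Length", "0")]
    for name, value in rewrite_redirect(302, sample):
        print(f"{name}: {value}")
```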