C H A P T E R 5
Command
config policygroup
service header-name
NOTE: The SA7220
supports ONLY the
source-ip parameter.
The SA8200/SA8220
support all four parameters
(certificate, cipher-used,
source-ip, and ssl-id). With
header-certificate enabled,
and using Internet
Explorer* with a non-
trusted CA (for example, a
broker-generated or
Microsoft IIS) server-
generated server certificate,
the client certificate may not
pass through on the first
request. Pass-through
behaves correctly if the
server certificate is
obtained from a recognized
CA such as Verisign*.
Description
Sets the name used in the HeaderNameField of the HTTP headers
inserted when header or header-certificate are enabled,
on a per-service basis.
config policygroup <
service- name> header-name [certificate
<
<headername> | cipher-used <headername> |
source-ip <headername> | ssl-id <headername>]
where:
•
policy-name is the name of the policy group
•
service-name is the name of the service
•
is the name to use in the HTTP header
headername
With header enabled, the following are the default HTTP header
names:
•
source-ip: HP_SOURCE_IP
With header-certificate enabled, the following are the default
HTTP header names:
•
certificate: HP_CLIENT_CERTIFICATE
•
cipher-used: HP_CIPHER_USED
•
ssl-id: HP_SSL_SESSION_ID
Policy Group Commands
policy- name> service
167