- �ؖ���/���Ǘ��̏W����
�T�[�o�[��SSL�������s�킹��ƁA�ؖ����X�V�̂Ƃ��ɃT�[�o�[�̑䐔���ؖ��������̃I�y���[�V�������������܂� - L7�g���t�B�b�N�Ǘ�
�N���C�A���g/�T�[�o�[�Ԃ��Í�������Ă��܂��ƒ��Ԃɓ���f�o�C�X��L7�̏������ăg���t�B�b�N�Ǘ����ł��Ȃ��Ȃ�܂�) - TPS������̃R�X�g
�����Ɍv�Z�������Ƃ͂���܂��ASSL��1�g�����U�N�V����������̏����R�X�g��BIG-IP�ŏI�[���������L���Ȃ��Ƃ������悤�ł�
�V�X�e���S�̂Ō����Ƃ��ɂǂ��炪�y���͏�������܂����ABIG-IP�ŏI�[����ꍇ��HTTPS��VirtualServer�Ŏ��g���t�B�b�N���T�[�o�[�ɓ]������ۂ�HTTP�w�b�_�[�ɂ���Ƃ킩����e�����Ă����Ηǂ��ł��傤�BX-Forwarded-For�̂悤�Ȏ�茈�߂�ꂽ�w�b�_�[���͖����悤�Ȃ̂ŁA�K���Ɍ��߂ăT�[�o�[/�A�v�������l�ɋ����Ă����܂��B�����"X-SSL: 1"�Ƃ����w�b�_�[�����Ă����܂��B
������s���ɂ�HTTP Profile���g�p���܂��B
�ȉ��A�ݒ�ł��B
root@cookbook(Active)(tmos)# list ltm profile http http1
ltm profile http http1 {
defaults-from http
header-insert "X-SSL: 1"
}
����Profile��VS�ɐݒ肵�܂��B
ltm virtual httpsVS {
destination 10.10.88.21:https
ip-protocol tcp
mask 255.255.255.255
pool httppool
profiles {
clientssl {
context clientside
}
http1 { }
tcp { }
}
snat automap
}���Ȃ݂ɔ�r�p�ɐݒ肵��HTTP��VS���قړ����ݒ�ł��B
root@cookbook(Active)(tmos)# list ltm virtual httpVS
ltm virtual httpVS {
destination 10.10.88.21:http
ip-protocol tcp
mask 255.255.255.255
pool httppool
profiles {
http { }
tcp { }
}
snat automap
}
snat automap�͂��̌��؊��ŕK�v�Ȃ����ŁA�K�{�ł͂���܂���B
�܂��A�T�[�o�[���ł͊m�F�p�Ɋ��ϐ����o�͂���ȉ��̂悤�ȃv���O������p�ӂ��Ă��܂��B
# cat env_al.php
<?php
foreach ($_SERVER as $key => $val)
{
print "\n";
print "$key -> ";
print "$val";
}
print "\n\n\n";
?>
����ł͊m�F���܂��傤�B�ŏ���HTTP��VS�ɃA�N�Z�X���Ă݂܂��B
����HTTPS��VS�ɃA�N�Z�X���Ă݂܂��B$ curl http://10.10.88.21/env_al.php
HTTP_USER_AGENT -> curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.10
HTTP_HOST -> 10.10.88.21
HTTP_ACCEPT -> */*
PATH -> /usr/local/bin:/usr/bin:/bin
SERVER_SIGNATURE -> Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch Server at 10.10.88.21 Port 80
SERVER_SOFTWARE -> Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch
SERVER_NAME -> 10.10.88.21
SERVER_ADDR -> 10.10.40.40
SERVER_PORT -> 80
REMOTE_ADDR -> 10.10.40.252
DOCUMENT_ROOT -> /var/www
SERVER_ADMIN -> webmaster@localhost
SCRIPT_FILENAME -> /var/www/env_al.php
REMOTE_PORT -> 57457
GATEWAY_INTERFACE -> CGI/1.1
SERVER_PROTOCOL -> HTTP/1.1
REQUEST_METHOD -> GET
QUERY_STRING ->
REQUEST_URI -> /env_al.php
SCRIPT_NAME -> /env_al.php
PHP_SELF -> /env_al.php
REQUEST_TIME -> 1273465320
argv -> Array
argc -> 0
$ curl -k https://10.10.88.21/env_al.php
HTTP_USER_AGENT -> curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.10
HTTP_HOST -> 10.10.88.21
HTTP_ACCEPT -> */*
HTTP_X_SSL -> 1
PATH -> /usr/local/bin:/usr/bin:/bin
SERVER_SIGNATURE -> Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch Server at 10.10.88.21 Port 80
SERVER_SOFTWARE -> Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch
SERVER_NAME -> 10.10.88.21
SERVER_ADDR -> 10.10.40.40
SERVER_PORT -> 80
REMOTE_ADDR -> 10.10.40.252
DOCUMENT_ROOT -> /var/www
SERVER_ADMIN -> webmaster@localhost
SCRIPT_FILENAME -> /var/www/env_al.php
REMOTE_PORT -> 45476
GATEWAY_INTERFACE -> CGI/1.1
SERVER_PROTOCOL -> HTTP/1.1
REQUEST_METHOD -> GET
QUERY_STRING ->
REQUEST_URI -> /env_al.php
SCRIPT_NAME -> /env_al.php
PHP_SELF -> /env_al.php
REQUEST_TIME -> 1273465344
argv -> Array
argc -> 0
�������ݒ肵���w�b�_�[���T�[�o�[�ɓ͂����Ă邱�Ƃ��킩��܂����B�A�v���P�[�V�����ł͂�����g�p���ďꍇ�����������������邱�Ƃ��ł��܂��B
�]�k�ł����A����͐���_�E�����[�h�\�ɂȂ���TMOS 10.2���g�p���Ă��܂��B�ׂ��������͕ς��܂����g���̃o�[�W�����Ɠ����I�y���[�V�������قȂ邱�Ƃ�����܂��̂ł����ӂ��������B
