Offloading webgate SSL to a load balancer
A very common configuration for web servers is to place them
behind a load balancer. More often than not, SSL terminates at the load
balancer. This means that from the load balancer to the web server, traffic is in
clear text. This allows the organization to use IDS/IPS to monitor the
internal traffic.
The webgate is installed on the web server. When the webgate
receives the traffic, it sees it in clear text. So it sends back a
response that forwards the browser to the next URL in clear-text mode as well
(http://<hostname>:<port>/obrar.cgi).
Because the load balancer is listening for HTTPS only, this URL never reaches
anything.
There are 2 possible ways to resolve it:
1> Create a forwarder on the load balancer that will
forward all HTTP traffic to HTTPS on the same load balancer. This solution
is not preferred by many organizations, as they do not want any unsecured port on
the internet-facing load balancer.
2> Set the header variable IS_SSL to the value “ssl”
on the load balancer. The webgate looks for this attribute to find out whether the original
traffic was in secured mode. If the value is set to “ssl”, the response will include “HTTPS”
instead of “HTTP”.
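The failure and the IS_SSL fix, modelled in Python as an added example (not Oracle webgate code and not part of the original post). The hostname, the function names, the exact-match comparison on "ssl" and the stripping of a client-supplied IS_SSL header are assumptions.

```python
# Simplified model of the behaviour described above; not Oracle webgate code.
from urllib.parse import urlsplit

LB_LISTENER_SCHEMES = {"https"}  # the load balancer listens for HTTPS only


def lb_forward(client_headers, set_is_ssl):
    """Terminate SSL at the load balancer and build the backend request headers."""
    # Assumption (hardening): drop any IS_SSL the client sent, matching the
    # name case-insensitively, so only the load balancer decides its value.
    headers = {k: v for k, v in client_headers.items() if k.lower() != "is_ssl"}
    if set_is_ssl:
        headers["IS_SSL"] = "ssl"  # option 2 from the post
    return headers


def webgate_redirect(backend_headers):
    """Build the obrar.cgi URL the way the post describes the webgate doing it."""
    # Assumption: the value is compared exactly against "ssl".
    scheme = "https" if backend_headers.get("IS_SSL") == "ssl" else "http"
    return f"{scheme}://{backend_headers['Host']}/obrar.cgi"


def reaches_load_balancer(url):
    """True when the browser can follow the URL back through the load balancer."""
    return urlsplit(url).scheme in LB_LISTENER_SCHEMES


if __name__ == "__main__":
    # Constructed request: the client tries to supply its own is_ssl header.
    request = {"Host": "sso.example.test", "is_ssl": "ssl"}
    for set_is_ssl in (False, True):
        url = webgate_redirect(lb_forward(request, set_is_ssl))
        print(f"IS_SSL set by LB={set_is_ssl}: {url} "
              f"reachable={reaches_load_balancer(url)}")
```
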
Have fun….