SSL Offload Requests

Unanswered Question
Jan 16th, 2008

When using any loadbalancer, CSS, CSM or ACE and doing SSL offload, how does the request to the backend server get created? For example if the client requests and that url is configured for SSL offload on the loadbalancer, it the request from the LB to the server just ? What would the request look like if SSL offload and backend SSL are both configured? Are there methods to modify the default behavior on any of the platforms?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Thu, 01/17/2008 - 00:34

First you have to understand that a url is not sent the way you type it in http.

So the request actually looks like this :

GET /privatedata.html


This request is encrypted with SSL if you enter the url with HTTPS:// and is sent in cleartext if you don't use SSL.

So, what the offloader will do is simply decrypt the traffic and whatever the request will send it in cleartext to the server ip address.

The offloader can't change the content of the request. However, it can add some lines in the header.

Also, instead of just transmitting in cleartext, the loadbalancer can re-encrypt so the communication between offloader and server is also SSL.

Again, the request (see above) does not change.



This Discussion