## SSL offloading on CSS Switch

Unanswered Question
Mar 10th, 2008

I have configured a CSS 11503 to do SSL offloading. I have installed all the certs and all seems OK during initial testing. Now my question is: normally on my IIS GUI on the backend server I usually specify what pages require security (SSL) or not. On the web site I have a mix of normal http and https content. How do I configure this on the CSS front end where SSL offloading takes place? Is there some communication mechanism between the IIS and the CSS to transfer this info, or do I need to create a content rule for each URL?

Gilles Dufour Mon, 03/10/2008 - 23:38

Normally your server will now only work in HTTP and the CSS will encrypt the traffic before forwarding to the client.

If you do not have hard links (only relative links), the client will continue to use HTTPS to request the content.

So now all your traffic is encrypted.

If you want the client to use HTTP for some links, you could have hard-coded links in your web pages, something like: http://.... This will force the client to use http.

But I would not recommend doing so.

I would simply let the CSS encrypt/decrypt everything and not try to switch between http and https.

Gilles.

gabrielbryson Tue, 03/11/2008 - 01:34

Thanks Gilles

The problem is I don't think my customer would warm to the idea of having his entire site https and the CSS then just passing http through to the backend?

If I wanted to, could I specify hard links for the https based on their URLs, and let the normal http traffic use my default rule, or can we not be so granular on the CSS?

Gilles Dufour Tue, 03/11/2008 - 05:12

The CSS really does not control what protocol the client will use.

If the CSS is configured to accept both HTTP and HTTPS, it will accept both.

But going from http to https or https to http is controlled by what links the client clicks and how those links are set up in the server.

Also, once a connection is open, all relative links will continue to use the default method.

What you can do is put all secure content behind the same directory, i.e. /secure/..., and on the CSS you can intercept the request to /secure and send a redirect to https.

Gilles.
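A link audit for the behaviour described in the two replies above, added here as an example and not part of the original thread: it resolves each link the way a browser would and reports which ones keep the page's scheme, which hard links drop an HTTPS visitor to HTTP, and which plain-HTTP requests for protected content depend on the redirect to https. The host name `www.example.test` and the sample page are constructed, and `/secure/` is assumed to be the directory chosen for protected content.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SECURE_PREFIX = "/secure/"  # assumed directory holding the protected content

# Constructed sample page, not taken from any real site.
SAMPLE_URL = "https://www.example.test/account/index.html"
SAMPLE_HTML = """
<a href="../secure/login.aspx">Log in</a>
<img src="/images/logo.gif">
<a href="http://www.example.test/news.html">News</a>
<form action="http://www.example.test/secure/pay.aspx"></form>
<a href="mailto:ops@example.test">Contact</a>
<a href="http://other.example.test/">Partner</a>
"""

class LinkCollector(HTMLParser):
    """Collect the URL-bearing attributes of every tag on a page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v.strip() for k, v in attrs if k in ("href", "src", "action") and v]

def audit_links(page_url, html, site_host):
    """Classify same-site links by the scheme the browser will use for them."""
    collector = LinkCollector()
    collector.feed(html)
    on_https = urlsplit(page_url).scheme == "https"
    found = {"keeps_scheme": [], "downgrade": [], "needs_redirect": []}
    for raw in collector.links:
        target = urlsplit(urljoin(page_url, raw))
        if target.scheme not in ("http", "https") or target.hostname != site_host:
            continue  # mailto:, javascript:, other hosts: out of scope
        if target.scheme == "http" and target.path.startswith(SECURE_PREFIX):
            found["needs_redirect"].append(raw)  # plain-HTTP request for secure content
        elif target.scheme == "http" and on_https:
            found["downgrade"].append(raw)       # hard link drops the client to HTTP
        elif not urlsplit(raw).scheme:
            found["keeps_scheme"].append(raw)    # relative: inherits the page's scheme
    return found

if __name__ == "__main__":
    for kind, links in audit_links(SAMPLE_URL, SAMPLE_HTML, "www.example.test").items():
        print(kind, links)
```

A relative link to the secure directory from a page loaded over HTTP also lands in `needs_redirect`, because it inherits the page's scheme.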

gabrielbryson Tue, 03/11/2008 - 07:30

Thanks Gilles

I think you have just answered me with your last paragraph. I think it was actually kind of what I was originally asking, in my roundabout manner: do we still configure the IIS backend security as usual? Which you have just answered.

Thanks for your time
