Cisco Support Community

New Member

ACE SSL Reverse Proxy for multiple URLs

Hi,

I am trying to set up an ACE as a reverse proxy (one-arm mode) for HTTPS connections for multiple URLs to multiple serverfarms. From what I know, I have two options:

1. Use a different VIP for each URL and do L4 load balancing, or use a combination of IP address and port.

2. Use a different VIP for each URL, do SSL offloading and do L7 URL-based load balancing.

So with these options I am bound to use different IPs for each site. Is there a way I can use one VIP and then offload SSL and do URL-based load balancing? From my knowledge we are restricted by the nature of the SSL. The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the problem is that the SSL session is a separate transaction that takes place before the HTTP session even starts, so there is no visibility of the HTTP header.

Any comments appreciated

George Georgiou

1 ACCEPTED SOLUTION

Cisco Employee

Re: ACE SSL Reverse Proxy for multiple URLs

George,

Your understanding is absolutely correct.

We need to know the site in order to decrypt the traffic because the certificate is associated to a domain name.

But without decrypting, we can't see the domain name.

So, the only way to know the domain without decrypting is to allocate a single IP to each domain.

There is no other solution.

Gilles.

2 REPLIES

New Member

Re: ACE SSL Reverse Proxy for multiple URLs

Hi Gilles,

Thank you for your always prompt answer. You are always very helpful and accurate.

I guess maybe we could have that working only if using wildcard certificates.

Anyways, another 5 for you!!!

./G
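
The wildcard-certificate idea in the last reply depends on every site's hostname being covered by the one certificate presented on the shared VIP. The following is an added example, not code from the thread's participants: a Python check using the usual rule that `*` stands for exactly one left-most label. All hostnames and certificate names are constructed.

```python
# Added example: decide whether one certificate can front several sites
# on a single VIP. Names below are constructed sample data.

def name_matches(pattern, hostname):
    """True if a certificate name (possibly '*.domain') covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard covers exactly one label, so label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    # '*' is honoured only as the entire left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Conservative choice in this example: refuse '*.com'-style names.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as 'w*.example.com'
    return p == h


def uncovered_sites(cert_names, sites):
    """Sites that no name in the certificate covers."""
    return [s for s in sites
            if not any(name_matches(n, s) for n in cert_names)]


def can_share_vip(cert_names, sites):
    """One VIP with one certificate works only if nothing is uncovered."""
    return not uncovered_sites(cert_names, sites)


CERT_NAMES = ["*.example.com"]                      # constructed
SAME_DOMAIN = ["shop.example.com", "mail.example.com"]
MIXED = SAME_DOMAIN + ["example.com", "api.eu.example.com",
                       "www.example.org"]

if __name__ == "__main__":
    print("same domain:", can_share_vip(CERT_NAMES, SAME_DOMAIN))
    print("mixed, not covered:", uncovered_sites(CERT_NAMES, MIXED))
```

Sites one label below the wildcard's domain can share the VIP; the bare domain, deeper subdomains and other domains are reported as uncovered and would each still need their own certificate.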
