11-06-2007 06:18 PM
Hello
I have four servers that I want to load balance based on a URL both HTTP and HTTPS. Two are tomcat and two are IIS and I would like to use something like /jsp/* and /aspx/*. I can get the http L5 rules setup just fine but when I try and use port 443 with a layer 5 content rule I get nothing. The show flows command shows the external ip, the vip but 0.0.0.0 for the NAT IP. Is it possible to do what I'm trying to do?
my config is
service iis1
ip address 10.0.0.1
active
service iis2
ip address 10.0.0.2
active
service tomcat1
ip address 10.0.0.3
active
service tomcat2
ip address 10.0.0.4
active
owner test
content iis
vip address 10.1.1.1
url "/aspx/*"
advanced-balance arrowpoint-cookie
add service iis1
add service iis2
protocol tcp
port 80
active
content iis_ssl
vip address 10.1.1.1
url "/aspx/*"
advanced-balance ssl
application ssl
add service iis1
add service iis2
protocol tcp
port 443
active
Thanks in advance
Justin
11-07-2007 11:34 AM
Justin,
the sll traffic is encrypted by definition.
So, the CSS or any other device, can't see the content of the traffic including the url.
The only way is to use the SSL module in combination with the server key and certificate.
Gilles.
11-07-2007 11:42 AM
Thanks for the response Giles. I've been working on doing that and I think I have it working but the problem now is that we have some apps that look to make sure the conversation is secure and redirect if not. With the SSL module, it doesn't look like the servers will ever see whether or not the user is connecting via HTTPS. Is there any way around that?
11-08-2007 01:22 PM
It is possible to configure the CSS to use SSL for backend connections between it and the hosting webservers. It's either that or reconfigure the app probably.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide