
CSS SSL L5 balancing

justinjmiller
Level 1

Hello

I have four servers that I want to load balance based on a URL, for both HTTP and HTTPS. Two are Tomcat and two are IIS, and I would like to use something like /jsp/* and /aspx/*. I can get the HTTP L5 rules set up just fine, but when I try and use port 443 with a layer 5 content rule I get nothing. The show flows command shows the external IP, the VIP, but 0.0.0.0 for the NAT IP. Is it possible to do what I'm trying to do?

my config is

service iis1
  ip address 10.0.0.1
  active

service iis2
  ip address 10.0.0.2
  active

service tomcat1
  ip address 10.0.0.3
  active

service tomcat2
  ip address 10.0.0.4
  active

owner test
  content iis
    vip address 10.1.1.1
    url "/aspx/*"
    advanced-balance arrowpoint-cookie
    add service iis1
    add service iis2
    protocol tcp
    port 80
    active

  content iis_ssl
    vip address 10.1.1.1
    url "/aspx/*"
    advanced-balance ssl
    application ssl
    add service iis1
    add service iis2
    protocol tcp
    port 443
    active

Thanks in advance

Justin

3 Replies

Gilles Dufour
Cisco Employee

Justin,

The SSL traffic is encrypted by definition.

So the CSS, or any other device, can't see the content of the traffic, including the URL.

The only way is to use the SSL module in combination with the server key and certificate.

Gilles.
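
The point in the reply above, as an added example (not code from the thread or from Cisco): a Python sketch of what a URL-matching rule can read from the first client bytes on port 80 versus port 443. The two byte strings are constructed samples, and the rule table and pool names are assumptions modelled on the /aspx/* and /jsp/* rules in the question.

```python
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")

# Hypothetical rule table: URL prefix -> server pool (names are assumptions).
RULES = [("/aspx/", "iis"), ("/jsp/", "tomcat")]

# Constructed sample: first bytes of a plain HTTP request on port 80.
HTTP_REQ = b"GET /aspx/login.aspx HTTP/1.1\r\nHost: 10.1.1.1\r\n\r\n"

# Constructed sample: start of a TLS ClientHello on port 443 (truncated).
# Record header: type 0x16 (handshake), version 3.1, length 0x002f;
# then handshake type 0x01 (ClientHello), its length, version and random.
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F,
                   0x01, 0x00, 0x00, 0x2B, 0x03, 0x03]) + bytes(32)


def l5_view(first_bytes):
    """Return what a Layer 5 (URL) rule can learn from the first client bytes."""
    # Plain HTTP: the request line "METHOD path HTTP/x.y" is readable as-is.
    parts = first_bytes.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        return {"kind": "http", "url": parts[1].decode("ascii", "replace")}
    # SSL/TLS: only the record and handshake framing is in the clear.
    # The HTTP request, URL included, is sent later inside encrypted records.
    if len(first_bytes) >= 6 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        _, major, minor, _length = struct.unpack("!BBBH", first_bytes[:5])
        return {"kind": "tls", "url": None,
                "record_version": (major, minor),
                "client_hello": first_bytes[5] == 0x01}
    return {"kind": "unknown", "url": None}


def pick_pool(first_bytes, rules=RULES):
    """Choose a pool by URL prefix; None when no URL is visible to match on."""
    url = l5_view(first_bytes)["url"]
    if url is None:
        return None
    for prefix, pool in rules:
        if url.startswith(prefix):
            return pool
    return None


if __name__ == "__main__":
    print("port 80 :", l5_view(HTTP_REQ), "->", pick_pool(HTTP_REQ))
    print("port 443:", l5_view(TLS_HELLO), "->", pick_pool(TLS_HELLO))
```

Once the SSL module decrypts the session with the server key and certificate, the switch is in the port 80 position: the request line is readable and the URL rule can match.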

Thanks for the response Gilles. I've been working on doing that and I think I have it working, but the problem now is that we have some apps that look to make sure the conversation is secure and redirect if not. With the SSL module, it doesn't look like the servers will ever see whether or not the user is connecting via HTTPS. Is there any way around that?

It is possible to configure the CSS to use SSL for backend connections between it and the hosting webservers. It's either that or reconfigure the app probably.