Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SSL Offload Requests

When using any loadbalancer, CSS, CSM or ACE and doing SSL offload, how does the request to the backend server get created? For example if the client requests https://secure.example.com/privatedata.html and that url is configured for SSL offload on the loadbalancer, it the request from the LB to the server just http://secure.example.com/privatedata.html ? What would the request look like if SSL offload and backend SSL are both configured? Are there methods to modify the default behavior on any of the platforms?

TIA

1 REPLY
Cisco Employee

Re: SSL Offload Requests

First you have to understand that a url is not sent the way you type it in http.

So the request actually looks like this :

GET /privatedata.html

Host: secure.example.com

This request is encrypted with SSL if you enter the url with HTTPS:// and is sent in cleartext if you don't use SSL.

So, what the offloader will do is simply decrypt the traffic and whatever the request will send it in cleartext to the server ip address.

The offloader can't change the content of the request. However, it can add some lines in the header.

Also, instead of just transmitting in cleartext, the loadbalancer can re-encrypt so the communication between offloader and server is also SSL.

Again, the request (see above) does not change.

Gilles.

324
Views
0
Helpful
1
Replies
CreatePlease to create content