tags:

views:

274

answers:

2
+1  Q: 

Determine SSL connection behind a load balancer

Hi all:

Looking for best practice here. We deal with SSL connection at our load balancer level and hence all the connection from our load balancer to our web servers are http. With that we have no way of telling what kind of connection the client is making to our web server since all connection is through http. We currently have 2 solution, one is to have the load balancer to append a port number in the URL string so that we can determine the kind of request (ex. 80 for http and 443 for https). The other solution is for the load balancer to append a special header when it get https request so the web servers knows the type of connection.

Do you see cons in both solution? Is there any best practice regarding SSL being applied at the load balancer level instead of web server level?

+1  A: 

I would prefer the header, I think. Adding something in the URL creates the possibility, however slim, that you'll collide with a query string parameter that an app wants to use. A custom header would be easier.

A third option could be to have ssl connections redirect to a different port, say 8080, so on the back end you know that port 80 connections were http to begin with, and port 8080 connections were 443 to begin with, even though they're both http at that point.

Clyde  2009-03-23 21:08:43
+1  A: 

I suggest using the header. A related concept is determining the IP address of the client (for logging purposes), since all requests to your web server appear to originate at the load balancer. The x-forwarded-for header is customarily used here.

erickson  2009-03-24 19:53:23

related questions

Centos or Debian as a server OS ?
Where can I find a FTP Server with an API?
Technical issues when switching to an unmanaged Virtual Private Server (VPS) hosting provider?
Should I use a dedicated network channel between the database and the application server?
Do I need to leave gaps in a standard server rack?
Monitoring CPU Core Usage on Terminal Servers
Which hardware to buy for a new Linux server system?
Website Hardware Scaling
Ajax polling.
I ALMOST understand how email works, but I'm missing something.
How do you minimize the number of threads used in a tcp server application?
Perfmon File Analysis Tools
Cleanest & Fastest server setup for Django
Is there some way to PUSH data from web server to browser?
How do I secure my new web server (Server 2008)?
Subversion Management Tools
What kind of servers did you virtualize lately?
Closet server versus Colo?
Personal Linux web server
Error ADMA5026E for WebSphere Application Server Network Deployment
What means the error SECJ0222E in WebSphere Application Server 5.1
What is called a Node in a WebSpere Network Deployment
Can someone give me a working example of a build.xml for an EAR that deploys in WebSphere 6
Asynchronous multi-direction server-client communication over the same open socket?
Best way to access Exchange using PHP?