Netscaler and SSL offloading; As many people are aware, you can offload SSL on a netscaler, this usually causes some app level problems as your app could have logic to check that access was via https, and redirect if not. Or your app my have logic to insert the protocol into links, and as access to your app (from it's point of view) is not http, the links may now be incorrect protocol type. you can workaround this using a technique I call ssl-intercept, where ssl offloading is performed on the netscaler, say on a content switch, pointing to a HTTP Load Balancer , which has services bound that are SSL services. What this means is that the client's ssl terminates on the Netscaler and a new ssl session is made to the backend server, leaving the stream within the Netscaler as HTTP , allowing you to insert headers or make other decisions based on the http content within the ssl session. your app sees the traffic as ssl, so the problems above are negated. This is particu
Posts
Showing posts from January, 2013