Hi,
My company currently use Apache / mod_ssl / mod_jk / Tomcat to support SSL
in our application
My SysAdmin department would like to switch our SSL handling to a dedicated
hardware solution (eg
http://www.intel.com/network/idc/products/accel_7115.htm) to take the SSL
load off of our Webservers. My concern with this though is that our
application will no longer be able to discern whether a request was secure
or not. Has anyone tried this kind of thing?
I guess one option would be for the Hardware SSL box to point to port 443 of
Apache, but for Apache not to actually pass these requests to mod_ssl
(Apache's 443 could then be firewalled off from the outside world and
assumed only used as a target from the hardware SSL box for originally
secure requests.) As the port is 443 though, would mod_jk still treat it as
though SSL was enabled? I doubt it, but thought I would ask.
Another alternative would be for our app to look for the port requested,
rather than whether the request was secure or not. We could get the Hardware
SSL box to pass originally secure requests to port 443 (or anything other
than 80 for that matter) as above. In that case though, our App would need
to know the port number that was attached to on Apache - is this passed
through by mod_jk?
Details: Apache 1.3.20 / mod_ssl 2.8.4-1.3.20 / Tomcat 3.2 (with mod_jk
setup to use AJP13) / Solaris 8
Thanks for any help,
Mike
---
Mike Roberts
Developer
DigitalRum
mailto:mike.roberts@**spamdeflector**.digitalrum.com
