Hello
This is my first mail here and I know a poor English, so please excuse any
inconvenience... ;)
I'm trying to setup a reverse proxy using mod_proxy to a cluster of
WebServers, balanced with an Alteon G5 with sslid mechanism. Indeed, the
reverse proxies are a cluster of 4 too, balanced with kernel IPVS ( but
this is not important at the moment ).
I have observed problems maintaining the session when using HTTPS and not
HTTP.
SSL is a set of protocols built on top of TCP/IP that allows an
application server and client to
communicate over an encrypted HTTP session, providing authentication,
non-repudiation, and
security. The SSL protocol handshake is performed using clear
(unencrypted) text. The content
data is then encrypted (using an algorithm exchanged during the handshake)
prior to being
transmitted.
Using the SSL session ID, the switch forwards the client request to the
same real server to
which it was bound during the last session. Because SSL protocol allows
many TCP connections
to use the same session ID from the same client to a server, key exchange
needs to be
done only when the session ID expires. This reduces server overhead and
provides a mechanism,
even when the client IP address changes, to send all sessions to the same
real server.
---
Is there a way to have the same SSL ID in the SSLProxyengine for the same
client? how does it work?
Is the SSL ID for the client-rproxy the same that the rproxy-balancer? How
can I fix this?
Thx a lot,
Francisco Gimeno
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
