Compatibility problems with hardware Secure Socket Layer accelerators and the WebSphere Application Server Web server plugin

Technote (FAQ)
Problem
If you use a hardware Secure Socket Layer (SSL) accelerator (such as BIG-IP) configured in front of the Web server, and you use relative links in your WebSphere® Application Server application, you might receive 500 errors.
Cause
The hardware SSL accelerator does not keep the original request intact; it overwrites the host port header. All prior port information is lost. Therefore, the Application Server plugin routes requests only to the port on which the hardware SSL accelerator made the request.
Solution
Following is a detailed description of this problem and how this configuration works:

  1. The request is made from the client over SSL (HTTPS) on port 443.
  2. The hardware SSL accelerator intercepts the request made over port 443, and rewrites the request to the Web server using port 80 instead. This request is not made over SSL.
  3. The WebSphere Application Server plugin on the Web server receives the request. The plugin never knows that this request was originally made over SSL (port 443) by the client.
  4. The plugin routes the request to an application server. Again, the application server knows only that the request came over port 80.
  5. Any relative links or relative sendRedirect() calls build a URL using port 80 (HTTP) and not 443 (HTTPS).

The solution with this configuration is to use:

  • Absolute links, such as:
    https://myhost/myapp
  • Absolute sendRedirects, such as:
    response.sendRedirect("https://myhost/myapp")
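
The following is an added example, not IBM code: a small helper that turns application-relative targets into absolute HTTPS URLs for sendRedirect(). Because the accelerator rewrites the request's host and port information, the public origin is taken from configuration rather than from the request; the class name PublicUrl, the base URL https://myhost/myapp/ and the sample targets are assumptions made for illustration.

```java
import java.net.URI;

/** Added example: builds absolute HTTPS redirect targets from a configured public origin. */
public class PublicUrl {
    // Assumption: the externally visible origin, i.e. the URL clients use to reach the
    // SSL accelerator. It comes from configuration, never from the incoming request.
    private final URI base;

    public PublicUrl(String publicBase) {
        URI u = URI.create(publicBase);
        if (!"https".equalsIgnoreCase(u.getScheme()) || u.getHost() == null) {
            throw new IllegalArgumentException("public base must be an absolute https URL");
        }
        this.base = u;
    }

    /** Resolve an application-relative target against the public HTTPS origin. */
    public String absolute(String target) {
        URI resolved = base.resolve(target).normalize();
        // A target such as "//other.example/x" or "http://myhost/x" would change the
        // scheme or host; refuse it so the redirect always stays on the public origin.
        boolean sameOrigin = base.getScheme().equalsIgnoreCase(resolved.getScheme())
                && base.getHost().equalsIgnoreCase(String.valueOf(resolved.getHost()))
                && base.getPort() == resolved.getPort();
        if (!sameOrigin) {
            throw new IllegalArgumentException("redirect target leaves " + base);
        }
        return resolved.toString();
    }

    public static void main(String[] args) {
        PublicUrl site = new PublicUrl("https://myhost/myapp/");
        // In a servlet: response.sendRedirect(site.absolute("orders/list"));
        System.out.println(site.absolute("orders/list"));
        System.out.println(site.absolute("../myapp/login?next=home"));
        try {
            site.absolute("//other.example/phish"); // constructed off-site target
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting targets that resolve to a different scheme, host or port keeps a user-influenced value (such as a "next" parameter) from turning the absolute redirect into an open redirect.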

Note: Line Item request #155 has been opened to request that WebSphere Application Server be redesigned to support hardware SSL accelerators with the use of relative links or relative sendRedirects. This request might or might not be incorporated into a future release.

Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Plug-in
Operating system(s): AIX, HPUX, Linux, Linux Red Hat - i/p Series, Linux zSeries, Multi-Platform, Solaris, Windows, Windows 2000, Windows NT, Windows Server 2003, Windows XP
Software version: 3.5, 4.0, 5.0, 5.1
Software edition: Edition Independent
Reference #: 1116533
IBM Group: Software Group
Modified date: 2004-05-12