|
Problem(Abstract) |
Due to Content Based Routing (CBR) design changes, the
secure socket layers (SSL) implementation at the backend with the Caching
Proxy has changed. |
|
|
|
Resolving the
problem |
When using CBR, CBR configurations are saved in the
default.cfg file. In this file there would be a line similar to:
cbrcontrol server add
<cluster>:<port>:<server>
where <cluster> is the cluster address
where <port> is the inbound port to the Caching
Proxy/CBR
where <server> is the backend server to which to proxy the
request
The default behavior is for CBR to use the inbound port for the outbound
port. To use a different outbound port, the mapport command must be used.
Then, the Caching Proxy uses the outbound port value to determine which
protocol to use. The following examples illustrate these concepts:
cbrcontrol server add 1.23.456.789:80:server1
is interpreted as "use HTTP(port 80) from the client to the proxy/CBR and
HTTP(port 80) from the proxy/CBR to the backend server."
cbrcontrol server add 1.23.456.789:80:server1 mapport 443
is interpreted as "use HTTP(port 80) from the client to the proxy/CBR and
HTTPS(port 443) from the proxy/CBR to the backend server."
cbrcontrol server add 1.23.456.789:443:server1
is interpreted as "use HTTPS(port 443) from the client to the proxy/CBR
and HTTPS(port 443) from the proxy/CBR to the backend server."
cbrcontrol server add 1.23.456.789:443:server1 mapport 80
is interpreted as "use HTTPS(port 443) from the client to the proxy/CBR
and HTTP(port 80) from the proxy/CBR to the backend server."
NOTE: The Caching Proxy ONLY uses ports 443 and 9443 for SSL
(HTTPS). All other ports are treated as non-SSL; that is, the protocol
will be HTTP. In a future release, other ports might possibly be
supported.
For additional help on using CBR, please consult the Network Dispatcher
documentation. |
|
|
|