Currently Being Moderated

Recently we’ve had a number of customers having issues with SSL Termination in the load balancer and it causing security exceptions when they reach the sourcing application.  The customers that are seeing this are using reverse proxies running on an SSL port, forwarding to a non-SSL port on the application server also known as SSL Termination,

The two main reasons for doing this are for performance reasons as encrypting and decrypting the SSL is expensive, and to allow for IDS packet sniffing within a private network.

This essentially causes what the browser thinks is a HTTPS session to attempt to establish with what is a HTTP session with sourcing resulting in a popup informing the enuser that the session is not secured and the login page not resolviing properly.  This can be resolved through adding a HTTP header to the request and ensuring sticky sessions are enabled.

The HTTP header to inject is “X-Original-HTTPS” with a value of “on” (case doesn’t matter).  This should remove the issues being caused by the HTTPS to HTTP conversion. 

Take a look at this example configuration for this generic loadbalancer setup.

 

This shows where the SSL Termination occurs and what needs to happen after that to ensure the End User arrives smoothly at SAP Sourcing.

Comments

Actions

Filter Blog

By author:
By date:
By tag: