01-18-2008 07:55 AM
I'm looking for some suggestions on using multiple SSL-Offload modules (CSS5-SSL-C-K9) for ssl-termination and compression.
We ran into some isolated application problems with compression when it was globally enabled on a single ssl-termination service. As a work-around, we're selectively enabling compression on the cleartext content rules for those sites that support compression, however that seems like it maybe inefficient because the data back to the client will hit the ssl-module twice, once for compression (on the cleartext rules) and then again for encryption (on the ssl rule.)
I'm thinking that using two SSL-offload modules is a better solution. Both modules will use the same ssl-proxy-list, but one module's service will have compression enabled and the other will not. The decision then to enable compression, will be based upon which ssl service is added to the ssl content rule. In that design, compression will happen along with encryption for the compression-enabled service, and seems to be more efficient.
Has anyone done a design like that?
If not, has anyone run into any scalability or performance issues with selectively enabling compression on the cleartext rules?
Thoughts?
01-24-2008 11:03 AM
Selectively enabling compression on multiple SSL modules can cause some problems. You should enable compression for all data in a multi module steup. Following link may help you
02-05-2008 08:36 AM
-Sorry for the delay in getting back to you.
Thanks for the info. Please elaborate.
I'm testing this now with some success and I just want to be sure I don't run into any issues.
Thanks,
Pat
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide