Specifications

ManualsBrandsDell ManualsNetwork Router3-DNS

161

162

163

164

165

166

167

168

169

170

Proxies

BIG-IP® Reference Guide 4-87

Proxies

BIG-IP supports two types of proxies--An SSL Accelerator proxy, and a

content converter proxy. Using either the Configuration utility or the

bigpipe proxy command, you can create, delete, modify, or display the SSL

or content converter proxy definitions on the BIG-IP.

For detailed information about setting up the SSL Accelerator feature, see

the BIG-IP Solutions Guide, Chapter 9, Configuring an SSL Accelerator.

For detailed information about setting up the content converter feature, see

the BIG-IP Solutions Guide, Chapter 14, Configuring a Content Converter.

The SSL Accelerator proxy

The SSL Accelerator feature allows the BIG-IP to accept and terminate any

connections that are sent via a fully-encapsulated SSL protocol. For

example, the BIG-IP can accept HTTPS connections (HTTP over SSL),

connect to a web server, retrieve the page, and then send the page to the

client.

A key component of the SSL Accelerator feature is that the BIG-IP can

retrieve the web page using an unencrypted HTTP request to the content

server. With the SSL Accelerator feature, you can configure an SSL proxy

on the BIG-IP that decrypts HTTP requests that are encrypted with SSL.

Decrypting the request offloads SSL processing from the servers to the

BIG-IP. This also allows the BIG-IP to use the header of the HTTP request

to intelligently control how the request is handled. (You can optionally

configure requests to the servers to be re-encrypted to maintain security on

the server side of the BIG-IP as well, using a feature called SSL-to-server.

While the servers must then handle the final decryption and re-encryption,

SSL processing is still faster than if the entire task were left to the servers.)

When the SSL proxy on the BIG-IP connects to the content server, and

address translation is not enabled, the proxy uses the original client's IP

address and port as its source address and port. In doing so, the proxy

appears to be the client, for logging purposes.

BIG-IP offers several options for configuring an SSL Accelerator proxy.

These options are configured separately for each SSL proxy that you create.

You can configure these options at the time that you create the proxy.

Note

Before configuring an SSL proxy, you must either obtain a valid x509

certificate from a Trusted certificate authority, or generate a valid

temporary certificate. In either case, this certificate file must be in PEM

format.