User guide
7.2 Enabling SSL Termination
SSL termination is off by default. This section describes how to enable SSL termination
for an HTTP farm.
In the “Add Farm” screen, select “HTTP—hypertext transfer protocol (TCP)” in the “service”
section. In the “SSL Termination” section, choose any key other than “none” (see the
SSL Keys section about importing your SSL keys). This enables SSL termination on the
HTTP farm. All incoming HTTPS traffic is terminated on the WebMux and sent to the farm on
the HTTP port (80). Set the “port number” to a clear (unencrypted) port, because after the
WebMux terminates the SSL traffic, only clear traffic goes to the servers. When the servers
return traffic, the WebMux re-encrypts the data and sends it encrypted back to the client.
If you are using Out-of-Path Mode, make sure your servers’ gateway points to the WebMux
server LAN gateway IP address (not the router), so that the WebMux has the chance to
re-encrypt the data before replying to clients.
Block non-SSL access to farm:
You can also block non-encrypted incoming traffic to the farm. This is useful when you want
only encrypted traffic to reach your servers.
Tag SSL-terminated HTTP requests:
Because traffic between the WebMux and your servers is unencrypted, your servers cannot
tell whether the originating connection was HTTPS or HTTP. This may be important if the
application on the server requires that information. You can turn on “tag SSL-terminated
HTTP requests.” When you select “Yes,” the decrypted traffic to the servers carries the
added MIME header “X-WebMux-SSL-termination: true.” How the server processes this
information is up to you. For example, you can write a script on your server that identifies
whether the original traffic was HTTPS or HTTP and then redirects HTTP traffic to HTTPS.
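One way to write the server-side script described above, as a Python WSGI middleware (an added example, not WebMux code). It assumes terminated requests reach the server from the WebMux's server-LAN address, and the address and host name shown are constructed placeholders; the tag is honoured only from that address so that a header supplied by some other sender is not trusted.

```python
from urllib.parse import quote

# Assumptions (constructed placeholder values, not from the WebMux manual):
TRUSTED_WEBMUX_ADDRS = {"192.168.12.1"}   # WebMux server-LAN address
CANONICAL_HOST = "www.example.com"        # public HTTPS name of the farm

# WSGI exposes the request header X-WebMux-SSL-termination under this key.
TAG = "HTTP_X_WEBMUX_SSL_TERMINATION"


def was_https(environ):
    """True only if the tag is 'true' AND the request came from the WebMux."""
    from_webmux = environ.get("REMOTE_ADDR") in TRUSTED_WEBMUX_ADDRS
    tagged = environ.get(TAG, "").strip().lower() == "true"
    return from_webmux and tagged


def https_location(environ):
    """Build the https:// URL for the same path and query on the fixed host.

    The client-supplied Host header is deliberately not used, so the
    redirect target cannot be steered by the request.
    """
    url = "https://" + CANONICAL_HOST + quote(environ.get("PATH_INFO") or "/")
    if environ.get("QUERY_STRING"):
        url += "?" + environ["QUERY_STRING"]
    return url


class RequireHTTPS:
    """WSGI middleware: pass tagged requests through, redirect the rest."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if was_https(environ):
            environ["wsgi.url_scheme"] = "https"  # app then builds https links
            return self.app(environ, start_response)
        start_response("301 Moved Permanently",
                       [("Location", https_location(environ)),
                        ("Content-Length", "0")])
        return [b""]


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"secure content"]


application = RequireHTTPS(demo_app)
```

If “Block non-SSL access to farm” is also enabled, the redirect branch is reached only by requests that did not pass through SSL termination on the WebMux.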