Can a load balancer (reverse proxy) configured with sticky sessions pass on the client IP to the web servers if the session is SSL encrypted, without doing SSL termination?

Is it even possible to have sticky sessions based on IP and not cookies configured on a load balancer if the communication is encrypted via SSL?

1 Answer


Yes, it's possible with a load balancer (leaving aside the issue that sticky sessions are inherently a bad idea) but not a reverse proxy (since that operates at the HTTP level and can't see the HTTP traffic if SSL is not terminated). There are 2 methods it could use:

1) send the data out of band - AFAIK there is not a standard protocol for doing this - hence any implementation will be proprietary

2) many load balancers will support masquerading - you just set the route back to the client from the origin server.

symcbean
  • I'm assuming then that the load balancer can also easily do IP-based routing even if the session is SSL encrypted over HTTP, as it has the requesting client IP not from the HTTPS header but from another band/protocol? – user177819 Jun 14 '13 at 11:26
  • There is no client IP in the HTTP header but it's on every packet (outside the SSL stream) – symcbean Jun 14 '13 at 12:08
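
An added example, not part of the original answer or comments, illustrating the point made in the thread: the client address sits in the IP header of every packet, outside the SSL/TLS stream, so a layer-4 balancer can pin a client to one server without decrypting anything. The backend pool, function names and packets below are constructed assumptions.

```python
import hashlib
import ipaddress
import struct

BACKENDS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # assumed web server pool


def build_packet(src, dst, tls_type, payload):
    """Build a constructed IPv4+TCP packet carrying one TLS record (checksums left 0)."""
    tls = struct.pack("!BHH", tls_type, 0x0303, len(payload)) + payload
    tcp = struct.pack("!HHIIBBHHH", 50000, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(tls)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + tls


def inspect(packet):
    """Return (client_ip, tls_record_type) using only unencrypted header fields."""
    ver_ihl, proto = packet[0], packet[9]
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4                      # IP header length in bytes
    client_ip = str(ipaddress.IPv4Address(packet[12:16]))
    tcp_len = (packet[ihl + 12] >> 4) * 4           # TCP data offset in bytes
    payload = packet[ihl + tcp_len:]
    # First TLS record byte is the content type: 22 handshake, 23 application data.
    record_type = payload[0] if payload else None
    return client_ip, record_type


def pick_backend(client_ip, backends=BACKENDS):
    """Source-IP stickiness: hash the address so one client always gets one server."""
    digest = hashlib.sha256(ipaddress.ip_address(client_ip).packed).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]


if __name__ == "__main__":
    for rec in (22, 23):  # handshake, then encrypted application data
        pkt = build_packet("203.0.113.7", "198.51.100.1", rec, b"\x8f" * 32)
        ip, kind = inspect(pkt)
        print(ip, kind, "->", pick_backend(ip))
```

The same hash only keeps a client on one server while the pool is unchanged and the client's source address stays the same (clients behind a shared NAT all land on one backend).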