| At a Glance | |
|---|---|
| Catalog | System |
| Category | Deprecated |
| User volumes | yes |
| Min. memory | 64M |
| OS | Linux |
| Constraints | no |
| Questions/Comments | Ask Forum |

| Resource | Minimum | Maximum | Default |
|---|---|---|---|
| CPU | 0.05 | 4 | 0.05 |
| Memory | 64M | 2G | 64M |
| Bandwidth | 1 Mbps | 2 Gbps | 200 Mbps |

| name | dir | prot. | description |
|---|---|---|---|
| http | out | HTTP | HTTPS and/or HTTP requests received on the configured external IP address are directed to the output http as plain HTTP requests on the standard HTTP port 80. In addition to the client-supplied HTTP headers, the forwarded requests also contain the following informational headers: |
| aux | out | any | Output for other protocols, if configured - see the l3_accept_* properties. |
| mon | out | cce | Sends performance and resource usage statistics. |

| name | type | description |
|---|---|---|
| ip_addr | IP addr | External IP address of the gateway. This property has no default value and must be set. |
| netmask | IP addr | Netmask. This property has no default value and must be set. Default: (empty) |
| gateway | IP addr | Default gateway for outgoing traffic. Default: (empty) |
| l7_accept | enum | Specifies what kinds of HTTP traffic to accept for forwarding to the http terminal. Valid values: https, http, both, none. If set to none, all traffic is routed only according to the l3_accept_* properties. Default: both. |
| l3_accept_proto | enum | Specifies which protocols will be forwarded to the aux terminal. Valid values: none, tcp, udp, raw, all. If set to tcp or udp, the l3_accept_port property may be used to specify the port. If set to raw, the l3_accept_port property specifies the protocol number. If set to all, all incoming traffic on the external interface is forwarded to the aux terminal. Note that the l7_accept property takes precedence over this one: if you set l7_accept to a value other than none, all HTTP(S) traffic is forwarded to the http terminal and the rest of the traffic goes to aux as specified by this property. Default: none. |
| l3_accept_port | string | A comma- or space-separated list of ports to accept, for the protocol specified by l3_accept_proto, and route to the aux terminal. Entries may be given either as port numbers or as standard protocol names (e.g., ftp, smtp, etc. when specifying tcp/udp ports, or gre, tcp, etc. when using raw protocols). Port ranges can also be specified (1024:10000, 0:1024). If left empty, all ports of the specified protocol will be forwarded. Note: if you set l3_accept_proto to raw, you must specify this property, which in this case gives the protocol number (more than one raw protocol may be specified, but no protocol range, e.g. 20:30, is allowed). Default: all |
| allowed_hosts | string | List of hosts and/or subnets allowed to connect. Separate multiple entries with spaces or commas. Supported format example: 192.168.1.2 192.168.1.0/24 192.168.2.0/255.255.255.0. Default: 0.0.0.0/0 (all allowed) |
| cert_file | string | File name (relative to the data volume root) of the server certificate that this gateway instance should present to the client. Note that if you set l7_accept to https or both, a valid certificate must be present on the configured data volume (see Volumes below) at the location specified by this property; otherwise SSL will fail to start. Default: server.pem |
| webdav | enum | This property has no effect on the appliance's behavior; it is kept for compatibility with older versions. Default: off |
| timeout | int | Specifies how many seconds Pound will wait for output from the backend server. If the backend server does not send output for timeout seconds, the connection is closed. Default: 300 |
| unsafe_ssl | string | Enables the use of 'unsafe' SSL ciphers for compatibility with legacy browsers. The default value, disabled, disables SSLv2 ciphers as well as some other SSLv3 and TLSv1 ciphers that are not considered secure. It is recommended to leave this property set to disabled unless you need to support https sessions for legacy browsers which only work with SSLv2. When set to enabled, all SSL ciphers available on the system will be used for https sessions. Default: disabled. |

| name | description |
|---|---|
| key | A read-only data volume (placeholder) containing, as a minimum, the SSL server signing key. The file should be in PEM format, located in the root directory of the key volume and named server.pem. |
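
An added example, not part of the original reference or the appliance's own tooling: a small Python check that reads a set of the property values listed above and reports the settings that widen exposure. The dictionary layout, the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import re

def parse_allowed_hosts(value):
    """Parse allowed_hosts: space/comma separated hosts, CIDR subnets,
    or address/netmask pairs (the three formats the table lists)."""
    entries = [e for e in re.split(r"[,\s]+", value.strip()) if e]
    # strict=False tolerates host bits set in a subnet entry
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def audit(props):
    """Return findings for a dict of property values (hypothetical layout).
    Missing keys fall back to the defaults given in the property table."""
    findings = []
    for required in ("ip_addr", "netmask"):
        if not props.get(required):
            findings.append(f"{required}: has no default and must be set")
    if props.get("unsafe_ssl", "disabled") == "enabled":
        findings.append("unsafe_ssl=enabled: every cipher on the system is "
                        "offered, including those the default disables")
    l7 = props.get("l7_accept", "both")
    if l7 in ("http", "both"):
        findings.append(f"l7_accept={l7}: unencrypted HTTP is accepted")
    if props.get("l3_accept_proto", "none") == "all":
        findings.append("l3_accept_proto=all: all traffic not taken by "
                        "l7_accept is forwarded to aux")
    try:
        nets = parse_allowed_hosts(props.get("allowed_hosts", "0.0.0.0/0"))
    except ValueError as exc:
        findings.append(f"allowed_hosts: invalid entry ({exc})")
    else:
        if any(n.prefixlen == 0 for n in nets):
            findings.append("allowed_hosts: any source address may connect")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "ip_addr": "203.0.113.10", "netmask": "255.255.255.0",
    "l7_accept": "https", "unsafe_ssl": "enabled",
    "allowed_hosts": "192.168.1.2, 192.168.1.0/24 192.168.2.0/255.255.255.0",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["no findings"]:
        print(finding)
```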