You are here
How to enable HTTP(S)-Keepalive for back-end requests
Submitted on 21. October 2008 - 15:00 by foesch.
Last update on 27. April 2021 - 10:55.
Last update on 27. April 2021 - 10:55.
Airlock 4.2.4 and newer does not use HTTP-Keepalive per default. In an intranet or server network, the added latency is usually not a problem because these networks are much faster than the internet connection in front of the WAF. If using HTTPS in the back-end network, Airlock is doing SSL-Session-Resumes to fullfill performance expectations.
Note that HTTPS connections to back-ends terminating SSL/TLS in Java, e.g. using Tomcat or JBoss, require one of these two settings:
- Configure Airlock WAF using HTTP-Keepalive for the back-end group as described below or
- Use a separate web server, e.g. Apache, for terminating SSL/TLS in the back-end and forwarding requests to the Tomcat or JBoss application server using HTTP or AJP.
If backend HTTP(S)-Keepalive is needed, follow these steps:
- In the Airlock Configuration Center, add the following line to the Security Gate Expert Settings, either globally or for specific Back-end Groups:
BackendForceNewConnections "FALSE"
- Activate
These changes will survive activations, reboots and updates. But please check the setting if the system has been upgraded to a newer major release of Airlock.
Knowledge Base Categories: