You are here

How to enable HTTP(S)-Keepalive for back-end requests

Airlock 4.2.4 and newer does not use HTTP-Keepalive per default. In an intranet or server network, the added latency is usually not a problem because these networks are much faster than the internet connection in front of the WAF. If using HTTPS in the back-end network, Airlock is doing SSL-Session-Resumes to fullfill performance expectations.

Note that HTTPS connections to back-ends terminating SSL/TLS in Java, e.g. using Tomcat or JBoss, require one of these two settings:

  • Configure Airlock WAF using HTTP-Keepalive for the back-end group as described below or
  • Use a separate web server, e.g. Apache, for terminating SSL/TLS in the back-end and forwarding requests to the Tomcat or JBoss application server using HTTP or AJP.

If HTTP(S)-Keepalive is needed, follow these steps to enable HTTP(S)-Keepalive:

  • In the Airlock Configuration Center, add the following line to the global Security Gate - Expert Settings:

SecurityGateway * BackendForceNewConnections "FALSE"

  • If HTTP(S)-Keepalive is only needed on one Back-end Group, add the following line to the Security Gate - Expert Settings of the particular Back-end Group:

BackendForceNewConnections "FALSE"

  • Activate

These changes will survive activations, reboots and updates. But please check the setting if the system has been upgraded to a newer major release of Airlock.

 

Knowledge Base Categories: