With the increasing scale of SSL traffic, its disadvantages are becoming more and more obvious. In HTTPS communication, the client needs to start an SSL handshake with the server after the TCP handshake, which may cause SSL delay. In addition, the web server needs to encrypt and decrypt the data in transit, so the SSL encryption communication mechanism will inevitably affect the computing performance of the server. SSL offload can solve this problem. It converts encrypted traffic into non-encrypted traffic to help reduce the computing pressure of the server and improve concurrent access, and then speed up client access.
NSFOCUS WAF supports SSL offload. After this function is enabled on NSFOCUS WAF for the protected website, HTTPS is used between WAF and the client and HTTP is used between WAF and the web server. This not only ensures the security of data communication, but also reduces resource consumption of the web server.
To enable SSL offload, do as follows:
Choose Security Management > Website Protection > Website Group > Website Group Management, click a website in the left navigation pane, and then click Add Website in the upper right of the Website table. In the Add Website dialog box, configure parameters as required.
Parameters for configuring SSL offload