Sa7120 configuration – HP e-Commerce Server Accelerator sa7120 User Manual

C H A P T E R 4

Scenario 5—Configuring a Firewall

45

•

First, because the SA7120 performs all of the SSL processing,
the web server process must be configured to expect only
standard HTTP (unencrypted) connections, even for sensitive
content.

•

Second, the web server process must be configured to listen for
these HTTP connections on a port other than the standard
HTTPS port (443). In this scenario we configure the port 443
service to listen on port 81.

SA7120 Configuration

The SA7120 must be configured to intercept HTTPS connections on
port 443 and forward them to the server. In the preceding section, we
configured the server to provide access to sensitive data through port
81, so that should be the clear text port when creating a server
assignment (or “map”) on the SA7120. Perform the following steps
to create the server assignment:

1. Perform the installation as described in Chapter 2 and access the

command line prompt.

2.

Acquire the appropriate keys and certificates following the
procedure in the “Keys and Certificates” section in Chapter 3.

3.

Create a mapping for the server. Use the create map command
to specify the server IP address, ports, and keyID.

HP SA7120> create map

Server IP (0.0.0.0): 10.1.1.30

SSL (network) port [443]: <Enter>

Cleartext (server) port [80]: 81

KeyID to use for mapping: serv1

Port Number

Connection Type

Content Served

80

HTTP

Non-sensitive

81

HTTP

Sensitive