Configuring Server Settings
A server hosts the actual content for a service. You can configure one or more servers to load balance the incoming web traffic. For information on how to add a server, see How to Add a Real Server. The added server is displayed next to the service or rule group with the default security settings in the Services section on the BASIC > Services page. To modify the server security settings, click Edit next to the server. The Server Configuration window appears with the following sections:
Server (Basic Configuration)
Edit the basic configuration settings of a server using the Server (Basic Configuration) section.
SSL for Servers
To configure SSL for communication between the Barracuda Web Application Firewall and the backend servers, see Configuring SSL for Services and Servers.
In-Band Health Checks
Set the threshold to monitor the health of the server. In In-Band health monitoring, the Barracuda Web Application Firewall checks the server connections and responses for any network issue/error that is preventing a client from reaching the intended server. If the server error responses exceed the specified number, the server is marked as out-of-service. Servers in the out-of-service state are disregarded as potential servers for serving content. If other servers are defined to load balance requests, traffic will be routed to the other servers. If only one server is defined, and it is in the out-of-service state, it will result in an error response to the browser.
By default, the counter is reset every 1024 requests. If the number of errors exceeds the respective setting (Max HTTP Errors, Max Refused, Max Timeout Failures, or Max Other Failures) within the 1024 requests, probing stops and the server is marked as out-of-service.
If Enable OOB Health Checks is set to No in the Out-of-Band Health Checks section, the server remains in the out-of-service state and no requests are sent to that server. If set to Yes, the server remains in out-of-service state until the next probe is sent after the specified time interval, and a valid response is received from the server.
Out-of-Band Health Checks
Out-of-Band health check is performed at Layer 4 and Layer 7. A periodic probe is sent to check the health of the server. If the server health check fails, the server is marked as out-of-service. The server continues to be monitored, so if the server health check succeeds, the server's status reverts to in-service. This is unlike In-Band health checks, where the server can only be placed in the out-of-service status, but can never revert because no further user traffic is directed towards an out-of-service server. To send periodic probes to check the health of the server, configure the following:
Network Layer probes involve a series of 3 connection attempts within the interval. Application Layer probes involve one HTTP request during the specified interval. This affects how quickly a 'server down' condition will be detected, and also how quickly it will be marked as healthy again.
HTTP/1.1 for application health check (OOB) is supported.
Application Layer Health Checks
Application Layer health checks involve making an HTTP request to see if the server is responding correctly. If the server responds correctly, the server is said to be healthy. Otherwise, the server is marked as out-of-service. The settings for Application Layer determine what kind of HTTP request is made (URL, method, headers), and how to determine if the response was a good response (status code and match content string).
Application Layer health checks are governed by the Out-of-Band (OOB) module. To enforce the Application Layer health check policy, set Enable OOB Health Checks to Yes.
To enable Application Layer health check, configure the following fields:
Connection Pooling
For information on connection pooling, see Using Connection Pooling: How and Why.