If there is a large number of servers that have the application installed, it is recommended to use the HAProxy load balancer. In this case, HAProxy uses the configured load balancing method to determine the server to which a scan request is sent. The application operating scheme when using a load balancer is presented in the figure below. This scheme of interaction between components is applicable when the application is installed from an RPM or DEB package as well as when the application is deployed from an ISO image.
Application operation with load balancing
The numbering in the figure corresponds to the following steps of traffic processing:
A user requests access to a web resource. This request is relayed to the load balancer.
The load balancer selects the cluster node according to the defined balancing method and relays the user request to this node.
The built-in proxy server of the selected node accepts the request and relays it to the application's ICAP server so that it can be scanned according to the traffic processing rules.
If access to the web resource is allowed according to the scan results, the built-in proxy server sends the request to the web server on the Internet.
The web server hosting the requested web resource sends a response to the built-in proxy server.
The built-in proxy server sends the web server response to the application's ICAP server so that the response can be scanned according to the traffic processing rules. The scan result is returned to the built-in proxy server.
The built-in proxy server relays the response to the load balancer.
The load balancer sends the response to the user's computer. Depending on the actions defined in the application, the user may see the following pages:
If access to the web resource is allowed, the requested web page is displayed.
If access to the web resource is prohibited, the block page is displayed.
If the Redirect action was applied, the user sees the web page to which the redirect was configured.
You can use the same load balancer to balance different services, or install two load balancers. In this case, the HTTP balancer will distribute the load among the proxy servers, and the ICAP balancer will distribute the load among the cluster nodes of the application. The load balancer connection scheme is presented in the figure below. This scheme is applicable when the application is installed from an RPM or DEB package as well as when the application is deployed from an ISO image.