...
IP address | Listen to multiple virtual IP addresses and distribute traffic based upon the IP address used by the client. | ||||||
---|---|---|---|---|---|---|---|
X-Forwarded-Host | Use Layer 7 inspection of the requests to distribute traffic based upon headers contained in the client requests. | The X-Forwarded-Host header can be used by a proxy or load balancer to allow client applications to use a different host name for each supported HTTP storage protocol while sharing the same storage domain for the content. Consider the storage domain The load balancer needs to add the header to direct storage requests to the shared storage domain:
| |||||
DNS | Cause the DNS name resolution to be different for the clients using one storage protocol than for the clients using another protocol. | Clients using S3 may resolve the storage domain castor.example.com to 10.100.100.81 while clients using SCSP resolve the same storage domain to 10.100.100.82. This method requires the administrator has control of the hosts where the client applications run so as to allow alteration of the DNS/host resolution but does not require in-line modification of the HTTP requests. | |||||
OPTIONS | Route request method OPTIONS with "Origin" to the S3 port rather than default to the SCSP port (which happens when an Authorization header does not exist or have "AWS"). | S3 must handle "bucket in Host" style requests because SCSP reports the domain was not found.
| |||||
Pattern-matching | Use Layer 7 inspection of the requests to switch incoming traffic based on the object storage protocol. See below: | This is performed by looking for the distinctive S3 Authorization header pattern or one of the query string arguments for authenticated S3 requests. The pattern-matching rules for these authenticated S3 requests are as follows. | |||||
| Use pattern-matching on the request header. |
| |||||
| Use pattern-matching on the query string arguments. |
| |||||
| Use pattern-matching to test for the absence of all AWS request patterns. | The request is either an anonymous S3 request or an SCSP request. Since anonymous S3 requests do not create, update, or delete content, they are most likely GET requests, and it is safe to allow SCSP to handle these. Using SCSP for video (e.g., mp4) objects also avoids an issue with If-Range handling on the Gateway S3 port. |