HTTPS on Apache; Will it slow Apache?


HTTPS on Apache; Will it slow Apache?



Our company runs a website which currently supports only http traffic. We plan to support https traffic too as some of the customers who link to our pages want us to support https traffic.

Our website gets moderate amount of traffic, but is expected to increase over time.

So my question is this:

Is it a good idea to make our website https only?(redirect all http traffic to https) Will this bring down the websites performance?

Has anyone done any sort of measurement?

PS: I am a developer who also doubles up as a apache admin.




How do I use mod_perl2 and Apache Bucket Brigades?

1:



Open Microsoft Word in Java
Yes, it will impact performance, but it's usually not too bad compared to the running all the DB queries that go into the typical dymanically generated page..
Slow Client connection blocks Mongrel
Of course the real answer is: don't guess, benchmark it.


Handling web requests on server side
Try it both ways and see the difference.


MySQL error “No Database Selected”
You can use tools like siege and ab to simulate traffic..
Apache FilesMatch - matching a folder in the regular expression
Also, I think you may have more luck with this question over at http://www.serverfault.com/.
Php 5.3 or 6 windows install [closed]


Session Management in TWebModule

2:


I wouldn't worry about the load on the server; unless you are serving high volumes of static content, the encryption itself won't create much of a burden, in my experience.. However, using SSL dramatically slows down web sites by creating a lot more latency in connection setup.. An encrypted session requires about* three times as much time to set up as an unencrypted one, and the exact time depends on the latency.. Even on low latency connections, it is noticeable to the end user, but on higher latency (e.g.

different continents, especially Australasia where latency to America/Europe is quite high) it makes a dramatic difference and will severely impact the user experience.. There are things you can do to mitigate it, such as ensuring that keep-alives are on (But don't turn them on without understanding exactly what the impact is), minimising the number of requests and maximising the use of browser cache.. Using HTTPS also affects browser behaviour in some cases.

Certain optimisations tend to get turned off for security reasons, and some web browsers don't store objects loaded over HTTPS in the disc cache, which means they'll need to get them again in a later session, further impacting the user experience.. * An estimate based on some informal measurement.


3:


Is it a good idea to make our website https only?(redirect all http traffic to https) Will this bring down the websites performance?.
I'm not sure if you really mean all HTTP traffic or just page traffic.

A lot of sites unnecessarily encrypt images, javascript and a bunch of other content that doesn't need to be hidden.

This kind of content comprises most of the data transferred in a request so if you do find feel that HTTPs is taking too much out of the system you can recommend the programmers separate content that needs to be secured from the content that does not..


4:


Most webservers, unless severely underpowered, do not even use a fraction of the CPU power for serving up content.

Most production servers I've seen are under 10%, even when using some SSL traffic.

I think it would be best to see where your current CPU usage is at, and then do some of your own benchmarking to see how much extra CPU usage is used by an SSL request.

I would guess it isn't that much..


5:


No, it is not good idea to make any website as only https.

Page loading speed might be little slower, because your server has to perform redirection operation unnecessarily for each web page request.

It is better idea to make only pages as https that may contain secure/personal/sensitive information of users or organization.

Even if the user information passing through web pages, you can use https.

The web page which have information that can be shown to all in the world can normally use http.

Finally, it is up to your requirement.

If all pages contain secure information, you may make the website as https only..



85 out of 100 based on 75 user ratings 775 reviews