Forum Discussion
youssef1
Apr 09, 2019Cumulonimbus
Hi,
to summarize you have a backend server that listens in HTTP. so you do offload ssl on F5. your question is completely legitimate.
some application listens on 2 different ports http and https. for security reasons the application owner restricts HTTP access to force the user to use the https port.
the reasons can be mutltiples:
- the access to the service passes through the F5 https securely. then in http on the backend server for optimization reasons (knowing that using the https consumes resources).
- since they have a service that listens in HTTPs. they want to have a valid certificate even if the service is not used (in case of migration on the https port they will already be ready on their side ...)
in your case you should exchange with the application owner to offer him to do ssl bridge (ssl from client to F5 then re-encrypt from f5 to backend, in order to enhance security).
Keep me in touch if you need more help.
regards