Forum Discussion

bsutter_12449's avatar
bsutter_12449
Icon for Nimbostratus rankNimbostratus
Sep 02, 2008

Keeping Session state from https nodes to http nodes

Background:

 

 

Our web application uses SSL to encrypt the login page of our website from here the user is redirected to an http version of the website so they essentially go from an https virtual server(https_vs) to an http virtual server(http_vs). We are doing SSL encryption at the webserver level(IIS). This solution has worked til now. We are looking to add more than one node to the load balanced pools. Specifically 3 to https_VS and 3 to http_VS. Currently in staging when we try to send packets from the https_VS to the http_VS the session only stays alive if the node IP is the same. What would be the best way to force the node to be the same IP when the site redirects from https_vs to http_vs.

 

 

Here is the scenario I would like to configure

 

 

-Round Robin HTTPS_VS nodes and have the nodeIP stick when the user redirects to the HTTP_VS node thus ensuring session state.

 

-Due to our current setup of the website App we are looking to keep SSL encryption at the webserver level and not at the F5.

 

 

Any thoughts and suggestions is greatly appreciated.

5 Replies

  • You need to create a new source address persistence profile and check "Match Across Services" and "Match Across Virtuals", then apply that new profile to both virtuals.

     

     

    Denny
  • HI,

     

    If http pool members and https pool members are different ip address, how do it?

     

    thanks
  • in case:client --->http vs--(rewrite url to https)->https vs(verify user and passwrod)--->http vs--(Authentication to verify the results of user and password)-->https vs;

     

    In case, client connect to https vs and http vs connect to https need connect at the same node, but http pool members and https pool members are different ip address;

     

     

    how do it?

     

     

    thanks
  • Posted By niujun on 03/29/2009 10:06 PM

     

    In case, client connect to https vs and http vs connect to https need connect at the same node, but http pool members and https pool members are different ip address;

     

     

     

    If they are different ip addresses then they can't be the same node, so I'm not quite sure what you are trying to accomplish...

     

     

    Are you saying that you need the client as well as some secondary request made by the backend server to persist to the same node?

     

     

    Denny
  • For example:client --->http vs--(rewrite url to https)->https vs(verify user and passwrod)-->http vs--(Authentication to verify the results of user and password)-->https vs;

     

    In case, client connect to https vs and http vs connect to https vs need connect at the same node, but http pool members and https pool members are different ip address;

     

     

     

    client -->http vs--(rewrite url to https)-->https vs(verify user and passwrod)-->http vs--(Authentication to verify the results of user and password)-->https vs

     

     

    Client connections and http server connections keep up on the same https server

     

     

    thanks

     

     

    Niu