James_Yang_9981
Aug 14, 2009Altostratus
SSL and proxy malfunction question
The customer using BIGIP as SSL offload and server loadbalance. All of the client is from mobile phone. After first HTTP page to 80 port VS, server will response to client a page that contains link to https pages. When client click the link, it will reconnect to https VS.
Most of the mobile phone are working good with this, but some of the client will send a CONNECT method to BIGIP like treat BIGIP as a proxy server.
The 80 VS response to client link is like this:
The packet send to BIGIP 443 virtual server is like this:
CONNECT mobile.adntech.com:443 HTTP/1.1
Proxy-Connection: Keep-Alive
Via: (infoX WAP Gateway), HTTP/1.1, Huawei Technologies
User-Agent: SonyEricssonW580i/R8BE Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1
Host: mobile. adntech.com:443
x-huawei-apn: uniwap
x-source-id: ggsncd02
x-up-bear-type: gprs
X-Forwarded-For: 10.209.55.22
No doubt, the 443 VS with Client SSL profile will FIN the connection that cause client connection terminated. While the normal client will send a client hello first to establish the SSL connection.
Does anyone has idea of how to solve the problem? Or we can using irules response something to cheat client establish a real SSL connection to BIGIP VS?