Forum Discussion

RonMexico_79057's avatar
RonMexico_79057
Icon for Nimbostratus rankNimbostratus
Sep 10, 2009

HTTP vs HTTPS

Hi All,

 

New to F5s and new to load balancing. Currently migrating our test and production website to be load balanced with 2 BIGIP-3600s with SSL Offloading.

 

My web developers have been complaining that they can distinguish traffic coming back to the clients. Test results have shown that since we started SSL offloading that all traffic returning to the clients is coming back across port 443. Can anyone tell me how to keep port 80 request to come back on port 80 and port 443 request to come back on 443?

 

 

Any help would be appreciated,

 

Ron
config
design

3 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 10, 2009
    Hi Ron,

     

     

    One option would be to insert an HTTP header in each request sent to the pool(s) with the port the client made a request to. You could do this with a custom HTTP profile using the 'header to insert' option. Put the entry as: Port: [TCP::local_port]. To ensure the client can't manipulate this, you could configure the header name you're inserting also in the Header to Erase field in the HTTP profile.

     

     

    The developers could then generate the application's references to itself using HTTP for clientside port 80 requests and HTTPS for clientside port 443 requests.

     

     

    Aaron
  • Mike_Sullivan_2's avatar
    Mike_Sullivan_2
    Icon for Nimbostratus rankNimbostratus
    Sep 16, 2009
    Hoolio, thanks this is good stuff. Question: to remove the header, do you just need to supply the name of the header, or the header and content?

     

     

    Thanks,

     

     

    Mike
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 16, 2009
    Just the name of the header for 'header to remove' and for the 'header to insert' you want the name and value.

     

     

    Aaron