AlexCosby_29092
Nov 21, 2018

Serving Port 80 and 443 for a web application

We have a web server which has historically only run on port 443. In order to use ACME for automated cert issuance, I have to allow port 80 through to the web server. I've configured the web server to listen on 80, allowed the port in local firewall and perimeter firewall, and created a virtual server at the F5 pointing to the same internal IP as the functional 443 application.

When I attempt to access it over the internet, I get a generic timeout error.

I suspect the issue has to do with our APM and the establishment of SSL, but I don't know how to get around that. What is the correct way to set up a virtual server and APM policy to handle both 80 and 443 to the same machine?


1 Reply

  • There's a Secure setting in the Cookie Options of the APM profile - SSO/Auth Domains tab. This option, when enabled (by default), instructs the browser to only use the APM session cookie over HTTPS connections.

    I might caution that if a single access session is to be used across 80 and 443 connections, there's a risk of compromising the HTTPS session if the cookie is stolen. It may be better to isolate the 80 and 443 traffic into separate policies.
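
A model of the browser behaviour the reply describes, as an added example that is not part of the original thread: it parses `Set-Cookie` headers and reports which cookies a browser would attach to an HTTP versus an HTTPS request, so the effect of the Secure option on a shared 80/443 session is visible. The header values, the hostname `app.example.com` and the use of `MRHSession` as the APM session cookie name are assumptions made for the example.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers. "MRHSession" stands in for the APM
# session cookie (assumed name; it does not appear in the thread).
SECURE_ON = ["MRHSession=abc123; Path=/; Secure"]   # Secure option enabled
SECURE_OFF = ["MRHSession=abc123; Path=/"]          # Secure option disabled


def parse(set_cookie_headers):
    """Return {cookie_name: has_secure_flag} for each Set-Cookie line."""
    flags = {}
    for line in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(line)
        for name, morsel in jar.items():
            # morsel["secure"] is True when the flag is present, "" otherwise
            flags[name] = bool(morsel["secure"])
    return flags


def cookies_sent(set_cookie_headers, url):
    """Names of the cookies a browser attaches to a request for `url`.

    Models only the Secure attribute (RFC 6265): a cookie marked Secure
    is withheld from any request that is not made over HTTPS.
    """
    is_https = urlsplit(url).scheme == "https"
    return sorted(name for name, secure in parse(set_cookie_headers).items()
                  if is_https or not secure)


def exposed_on_cleartext(set_cookie_headers):
    """Cookies that would cross the wire unencrypted on the port 80 listener."""
    return cookies_sent(set_cookie_headers, "http://app.example.com/")


if __name__ == "__main__":
    for label, headers in (("Secure on", SECURE_ON), ("Secure off", SECURE_OFF)):
        print(label,
              "| sent over http:", cookies_sent(headers, "http://app.example.com/"),
              "| sent over https:", cookies_sent(headers, "https://app.example.com/"))
```

With the Secure flag set, the port 80 request carries no session cookie, so it cannot join the HTTPS session; with the flag cleared, the same session cookie travels in cleartext, which is the theft risk the reply cautions about.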