For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dan_24306's avatar
Dan_24306
Icon for Nimbostratus rankNimbostratus
Aug 14, 2013

Best practice for HTTP and HTTPS backend

Hello,   My company is trying to implement SSL on one of their legacy web sites. They already had an existing port 80 virtual server configured that would receive the traffic and then send it on t...
design
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Aug 14, 2013

Dan - are you offloading SSL on the virtual server and then sending the traffic from the f5 to the web server over HTTP? If so then this is fine - you could even use the same pool on the 443 VS. Then, F5 is doing the SSL work (which it's great at) and this means the server doesn't have to. Internally you may not need the traffic to be re-encrypted. This would be a local decision for you. I've seen it both ways i.e. we've also re-encrypted the internal traffic.

 

If you wanted to re-encrypt the traffic (using a Server SSL profile) then I don't believe you can use the same backend port (8081), you'd have to setup a new port on the server to accept SSL.

 

Hope this answers your question.

 

N