For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Thomas_Schaefer's avatar
Thomas_Schaefer
Icon for Nimbostratus rankNimbostratus
Sep 24, 2009

Best Practice to let server know connection was SSL

After working with the BigIP for several years, I feel silly asking this question, but when one uses SSL acceleration and sends data to the pool members in the clear, how does the backup application k...
application delivery
dev
devops
iRules
Thomas_Schaefer's avatar
Thomas_Schaefer
Icon for Nimbostratus rankNimbostratus
Jan 20, 2010
I figured I would reply to my own question with my current thinking on how to handle this. I have two profiles: http (default) and https. Both are parent profiles so https is NOT a child of http.

 

 

In the https profile, add a header like "X-SSL". In the http profile, remove the header X-SSL just in case some joker adds this header to their request. The https profile enforces that only SSL traffic gets through the https virts so I know if the header X-SSL is present, this had to originated as an SSL transaction.

 

 

I hope that helps.

 

 

Tom