Forum Discussion
lori_54451
Nimbostratus
Nimbostratuscookie insert persistence/ https
We have a website that is managing the SSL encrption from the servers. We are getting ready to turn on Akamai service. One of the requirements is to change from source ip persistence to cookie persistence. I've been working with cookie insert, seemed like the easiest method, but, i can't get it to function properly with https even after adding ssl terminiation on the bigip, client and server side. It functions splendidly as long as the requests are all http. As soon as the server redirects traffic from http to https all sorts of strange behavior occurs. Is there a way to manage this with an iRule.
1 Reply
- I don't think you need an iRule for this. You should be able to use a minor sleight of hand with cookie insert persistence to make it happen.
You definitely need to decrypt @ LTM to see the persistence cookie, but for cookie insert persistence to work, you would also need to use the same pool for both services since the persistence cookie is specific to the pool name.
If you don't need to re-encrypt traffic to the backend, this configuration should work for you:pool servers_port80 member 1.2.3.4:80 member 1.2.3.5:80 persist cookie insert virtual http dest x.x.x.x:80 pool servers_port80 virtual https dest x.x.x.x:443 pool servers_port80 port translation enabled clientssl profile
For re-encrypted traffic to the backend, this configuration should work for you:
(This second option takes advantage of the fact that when using wildcard pool members, port translation is disabled by default, and the same destination port requested by the client is used when connecting with the server.)pool servers_port0 member 1.2.3.4:0 member 1.2.3.5:0 persist cookie insert virtual http dest x.x.x.x:80 pool servers_port0 virtual https dest x.x.x.x:443 pool servers_port0 clientssl profile serverssl profile
HTH
/deb
