Forum Discussion
Encrypt traffic only between F5 LTM and server(s), keep client side traffic HTTP
This is a strange request, but I have a customer that wants to encrypt traffic between the F5 LTM and their server(s) only, and from the client side keep it HTTP. I realize this is probably not best practice, as well as inefficient, but is this even possible?
Scenario requested:
1. Client accesses virtual server on http.
2. LTM encrypts and forwards request to server(s) via SSL (self-signed).
3. Server responds back to LTM with request via SSL.
4. LTM decrypts request and forwards back to client HTTP.
6 Replies
- Hamish
Cirrocumulus
No problem. Just put a server SSL profile on the VS and away you go. No client SSL profile means the client talks HTTP. Server SSL profile means the comms between server & bigip are encrypted.
H
- cdeeds_144014
Nimbostratus
Ah, that makes sense. The server(s) would also need any http <-> https redirection disabled as well, correct? Just trying to think of things that would ensure the client does not get an https response; their session would stay http the entire time but the server side to LTM would be https.
- Hamish
Cirrocumulus
Yeah. You need to make sure any redirects and/or fully qualified URLs in the responses are re-written. If the app is well written you'll only have to deal with redirects and BASE tags... YMMV..
:)
H
- cdeeds_144014
Nimbostratus
Fair enough I suppose. Thank you for your quick responses and information about this topic, it's been very helpful!
- Vishu_Rao_12264
Nimbostratus
Hi cdeeds,
I have this requirement now and have been trying but am not able to fix it. Do you have any idea how you did it? My node/app always assumes/responds/redirects in HTTPS, but VIP to client side should be in http only.
I would appreciate it if you give me some direction.
--Vishu
- Amanpreet_Singh
Cirrostratus
Vishu,
If you can, use an iRule to rewrite the https response from the server to http before it reaches the client.
Rgrd, Aman
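
The response rewriting that Hamish and Aman describe above, as an added iRule sketch that is not from any poster in this thread. It assumes the virtual server already has an HTTP profile, a server SSL profile and a stream profile attached, and no client SSL profile; the variable name `client_host` is illustrative.

```tcl
# Added example: rewrite https references to this site back to http
# before the response reaches the client.
when HTTP_REQUEST {
    # Remember the host the client asked for, so only URLs pointing
    # back at this same site are rewritten.
    set client_host [string tolower [HTTP::host]]

    # Ask the server for uncompressed bodies; the stream filter
    # cannot match text inside a compressed payload.
    HTTP::header remove "Accept-Encoding"

    # Never apply the stream filter to request data.
    STREAM::disable
}

when HTTP_RESPONSE {
    # Without a Host header there is nothing safe to match against.
    if { $client_host eq "" } { return }

    # 1. Redirects: switch the scheme of a Location header that points
    #    at this site. Redirects to other hosts are left untouched.
    if { [HTTP::is_redirect] && [HTTP::header exists "Location"] } {
        set loc [HTTP::header value "Location"]
        if { [string tolower $loc] starts_with "https://$client_host" } {
            # "https://" is 8 characters; keep everything after it.
            HTTP::header replace "Location" "http://[string range $loc 8 end]"
        }
    }

    # 2. Bodies: rewrite fully qualified URLs (including BASE tags)
    #    in text responses only.
    if { [HTTP::header value "Content-Type"] starts_with "text/" } {
        STREAM::expression "@https://$client_host@http://$client_host@"
        STREAM::enable
    }
}
```

Cookies that the server marks `Secure` are not sent back by browsers over plain HTTP, so session handling needs checking separately; this sketch does not address that.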