Forum Discussion

Root44's avatar
Root44
Icon for Altostratus rankAltostratus
Oct 15, 2015

http and https monitors

Hello guys,

 

My first question is what is the difference between http and https monitor? And can I use these monitors for any port or are there specific ports I need to use? For example- for many of tasks for 8443 monitor I use https monitor, so does that mean when the port is 8080 then I need to use http monitor? But I haven't seen anybody using http monitor so far. Please put some light on my question guys, I am sorry for silly question like this. Thank you in advance..

 

R

 

availability
BIG-IP Access Policy Manager (APM)
security
storage
virtualization

3 Replies

Sort By
  • pete_71470's avatar
    pete_71470
    Icon for Cirrostratus rankCirrostratus
    Oct 15, 2015

    These are not silly questions! The http and https monitors differ in that https occurs over an ssl connection and http does not. The port used is controlled by the node definitions in your pool - the F5 appliance doesn't force you to use correct/standard ports.

     

    You can use either monitor for any port - as long as it makes sense for your pool members. If a pool has members with port 8080 you can use an http or an https monitor, whichever you decide makes sense for the pool members.

     

  • ad8xx_282161's avatar
    ad8xx_282161
    Icon for Nimbostratus rankNimbostratus
    Aug 25, 2018

    I'm curious about this too. If we use a HTTPS monitor on a pool but the server doesn't have a certificate installed (or if the installed cert has expired), would the HTTPS monitor still mark the pool as available?

     

    I have a situation right now where my pool uses HTTPS monitoring and the pool members are marked as available but the server guy isn't sure if there's a valid cert on the server.

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Aug 25, 2018

    To explain simply:

     

    http means "HTTP: No Data Encryption Implemented":

     

    HTTP can be intercepted (because flow between client and server is in clear: no ssl/tls encryption) and potentially altered, making both the information and the information receiver (that’s you) vulnerable.

     

    https means "HTTPS: Encrypted Connections":

     

    HTTPS is not the opposite of HTTP, but its younger cousin. The two are essentially the same, in that both of them refer to the same “hypertext transfer protocol” that enables requested web data to be presented on your screen. But, HTTPS is still slightly different, more advanced, and much more secure (encrypting data transmission, and protecting the exchanges from tamperin).

     

    So

     

    • You have to set HTTP monitor when your backend (Application) don't use tls/ssl (to know that the port has no dependence with the protocol. you can put an http profile on port 8443 very well if the server is configured like this).

       

    • You have to set https monitor when your backend use tls/ssl on the backend side (ask it to application owner).

       

    In general HTTP user port 80 and https user port 443 (standard). Additional point as i told you, the used port does not matter you can have ssl/tls flow in port 8080... it's depending of application owner... So to answer to your question you can use this monitor, it does not matter the port, it is necessary that you configures the monitor https when it is a port which uses the encryptions (SSL / TLS) and the HTTP when it is the flow in clear (thus no encryption)

     

    Hope it's clear for your.