Forum Discussion

Maikel_Mantilla
Oct 26, 2017

HTTP_Profile breaking application that relies on Host_header

We are trying to migrate a Web Application from an old ACE Load Balancer to F5. The nodes serving the application apply style sheets to the page based on the HTTP Host Header that is received in the GET request. Depending on the FQDN that is called from the browser, the application applies a particular style sheet or another. This is currently working as expected in a really old Cisco ACE Load Balancer that does not do any inspection at the HTTP layer other than using SSL. The only way for it to work in the F5 is by removing the HTTP profile so that HTTP inspection does not happen. However, we cannot remove the http_profile because we need cookie persistence and also SSL encryption, which is impossible to use without the http_profile.

 

These are my questions: Is there a way to do SSL offloading and cookie persistence in the F5 without using an HTTP profile, so that the F5 passes the GET seamlessly without looking at it at all? If there is no way, what do you think could be the cause of the issue here? I know it is a very difficult question to answer without looking at more details, but general ideas will be appreciated, as I am out of ideas right now on how to make this work, and the coders do not really want to make any changes to the application to provide me with multiple URIs so that the F5 makes the decision based on that.

 

  • Hi,

    SSL offloading doesn't require an HTTP profile! You can offload SSL for any TCP protocol (e.g. SMTPS, LDAPS, ...).

    Cookie persistence requires an HTTP profile.

    But the HTTP profile requires a ClientSSL profile if the client side is encrypted. If you enable the HTTP profile without a ClientSSL profile and the client tries to connect to an HTTPS service, the HTTP profile will reject the connection because CLIENTHELLO is not HTTP.

    Can you post the virtual server configuration here? (Anonymize information before posting.)

    tmsh list ltm virtual
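
Added example, not part of the original posts: the profile dependencies stated in the reply above, shown in the shape of `tmsh list ltm virtual` output. The virtual server name, pool name and address are constructed placeholders; `clientssl`, `http`, `tcp` and `cookie` are the BIG-IP default profiles, used here as an assumption about the setup.

```tmsh
# Constructed example: vs_app_https, pool_app and 192.0.2.10 are placeholders.
# clientssl (clientside) decrypts the client connection, so the http profile
#   parses plaintext HTTP rather than a TLS ClientHello.
# http is present because cookie persistence depends on it.
# persist cookie is the cookie persistence the application needs.
ltm virtual vs_app_https {
    destination 192.0.2.10:https
    ip-protocol tcp
    mask 255.255.255.255
    pool pool_app
    profiles {
        clientssl {
            context clientside
        }
        http { }
        tcp { }
    }
    persist {
        cookie {
            default yes
        }
    }
}
```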