HTTPS verification on the server side?

Question

I just tried moving our first bigger site to our F5's today which includes a shopping basket that is secured through SSL (the whole site is not secured).  I set up the certificates on the F5 and configured the SSL profile to do the decrypting before the request got to the server.  However, I discovered that our deveopers were doing their own checking to make sure the basket URL's were secure, and if not were redirecting the browser back to https://&nbsp;
&nbsp;This created an endless loop since the F5 was doing the decryption and the server was always just seeing the plain text http request.&nbsp;
&nbsp;What I'm wondering is if any of you guys have seen this before, and if so how you solved it?  Our developers are hesitant to remove the checks on their end, but we want to be able to reap the benefits of having our SSL certificates centralized, and at the same time don't want to necessarily have to make a ton of code changes.&nbsp;
&nbsp;Any thoughts / suggestions are welcome.  Thanks!

unruley_95363 · Answer

Many implementations insert either the whole client certificate or some of the client certificate fields in a separate header so that the backend can track the client certificate.&nbsp;

Forum Discussion

HTTPS verification on the server side?

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

SSL Bridging verification

Handling HTTP Requests on an HTTPS Virtual Server

Google Authenticator Token Verification iRule For APM

Simple HTTP Authentication server

HTTP and HTTPS on a single virtual server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS