Forum Discussion
LTM https/http issue
You need to create a virtual using the same IP, but using port 80 and apply an http profile to it. Then apply the iRule named "_sys_https_redirect" to the virtual.
All http traffic will now be redirected to https.
- Nath, Oct 27, 2016
Cirrostratus
Hi ekal,
Already did that; we have 3 VS: VS:80, VS:443, VS:50443.
From Client -> VS:80 redirect -> VS:443 -> redirect -> 50443, the website login page is working. But once the user logs in, the traffic becomes http.
- ekaleido_26616, Oct 27, 2016
Cirrocumulus
Then the server(s) on the backend are doing the redirection.
- Nath, Oct 28, 2016
Cirrostratus
Hi Ekal,
How could we say that the backend server is doing the http redirection, even though we have SSL offloading at F5?
- ekaleido_26616, Oct 28, 2016
Cirrocumulus
If traffic arrives at your backend server unencrypted, and depending on how the application is written, it could be responding with code listing links as http://. It's not so much a redirect as just code stating to go there.
As an example, if I click the login button on my site, the link is a POST to "/login" but I could just as easily make it a link to POST to ";
Does that make sense?
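The behaviour described in the post above, as an added example that is not part of the original thread: a Python audit of a backend response for absolute http:// references to the site's own hostname in the Location header, form actions and links. The hostname `portal.example.com`, the function names and the sample response are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute whose URL the browser will request when followed or submitted.
URL_ATTRS = {"a": "href", "form": "action", "link": "href",
             "script": "src", "img": "src", "iframe": "src"}


def is_downgrade(url, site_host):
    """True if url is an absolute cleartext http:// URL pointing at our own site."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower() == "http" and (parts.hostname or "") == site_host.lower()


class _LinkAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value and is_downgrade(value, self.site_host):
                self.findings.append((f"<{tag} {name}>", value))


def find_downgrades(headers, body, site_host):
    """Return (where, url) pairs where a backend response sends the client to http://."""
    findings = [("Location header", value) for name, value in headers.items()
                if name.lower() == "location" and is_downgrade(value, site_host)]
    audit = _LinkAudit(site_host)
    audit.feed(body)
    return findings + audit.findings


# Constructed sample: a post-login response from a backend that only sees plain HTTP.
SAMPLE_HEADERS = {"Location": "http://portal.example.com/home", "Content-Type": "text/html"}
SAMPLE_BODY = """
<a href="/profile">Profile</a>
<form method="post" action="http://portal.example.com/login"></form>
<a href="https://portal.example.com/help">Help</a>
<a href="http://other.example.net/">External</a>
"""

if __name__ == "__main__":
    for where, url in find_downgrades(SAMPLE_HEADERS, SAMPLE_BODY, "portal.example.com"):
        print(f"{where}: {url}")
```

Relative links such as `/profile` are not flagged because they inherit the scheme the client used to reach the virtual server.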
- Nath, Oct 29, 2016
Cirrostratus
Thanks for the effort Ekaleido. This proves that we need some adjustments to F5.
Thanks a lot. Will keep this thread posted on the result.
- Stanislas_Piro2, Oct 29, 2016
Cumulonimbus
Hi Nathaneil0227,
I disagree when you say you need some adjustments to F5.
Most HTTP applications support a reverse proxy option to define what the external URL is, to prevent URL rewriting on the reverse proxy.
If you solve it on the server, there is no CPU usage increase on the server and F5.
If you want to solve it on F5, it will increase CPU usage on F5 (one of my customers was reduced to 10% of HTTP requests per second when enabling rewriting; we solved it by changing server behavior).
- Nath, Oct 29, 2016
Cirrostratus
Hi Stan,
But one of the client requirements is to use the F5 built-in SSL chip, which puts less CPU load on the backend servers.
If you saw Hem's statement below, that is exactly the scenario we are encountering right now. We don't need adjustment on the backend server; that is why we have F5, I believe. F5 is a very flexible appliance.
Regards,
Nathaneil