Forum Discussion
James_Yang_9981
Altostratus
AltostratusSSL and proxy malfunction question
The customer using BIGIP as SSL offload and server loadbalance. All of the client is from mobile phone. After first HTTP page to 80 port VS, server will response to client a page that contains link to https pages. When client click the link, it will reconnect to https VS.
Most of the mobile phone are working good with this, but some of the client will send a CONNECT method to BIGIP like treat BIGIP as a proxy server.
The 80 VS response to client link is like this:
The packet send to BIGIP 443 virtual server is like this:
CONNECT mobile.adntech.com:443 HTTP/1.1
Proxy-Connection: Keep-Alive
Via: (infoX WAP Gateway), HTTP/1.1, Huawei Technologies
User-Agent: SonyEricssonW580i/R8BE Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1
Host: mobile. adntech.com:443
x-huawei-apn: uniwap
x-source-id: ggsncd02
x-up-bear-type: gprs
X-Forwarded-For: 10.209.55.22
No doubt, the 443 VS with Client SSL profile will FIN the connection that cause client connection terminated. While the normal client will send a client hello first to establish the SSL connection.
Does anyone has idea of how to solve the problem? Or we can using irules response something to cheat client establish a real SSL connection to BIGIP VS?
1 Reply
hoolioCirrostratus
I'd think it would be the responsibility of the last proxy server the client went through to get to the VIP that should change the request from a CONNECT to a GET and use SSL. Can you narrow down any pattern in the clients that do this?
What happens if you redirect all CONNECT requests to the same Host and URI? Does the client retry with a CONNECT or a GET?
Aaron
