Forum Discussion
Siddharth_Gupta
Nimbostratus
NimbostratusSSL enabling towards Internet
Hi,
I want to know if its possible for the LTM to terminate HTTPS on the client side, redirect the unencrypted HTTP to a pool of HTTP proxies and re-enable SSL on the way out to the internet. ...
hoolio
Cirrostratus
CirrostratusThat actually isn't clear. Can you elaborate on exactly what you're trying to accomplish?
Are you saying that the BIG-IP - web server connection is through an HTTP proxy server. You want to decrypt the traffic to the HTTP proxy, but have the BIG-IP re-encrypt it somehow after the proxy to the final web server?
The only thing I can think of would be to use a VIP bounceback-like configuration where the client connects to VIP_external which points to the pool of HTTP proxy servers. The proxy servers reference VIP_webservers which points to the pool of web servers. You could then configure SSL on any of the legs of the connection path. Of course, this would create two separate sets of connections: the client to proxy server would be one pair and the proxy server to web servers.
[edit: actually, the configuration I just described matches what you have in your diagram (assuming you're able to change the proxy configuration to point to the VIP_webservers in order to access the web servers). I don't think a rule is necessary. I'd suggest contacting support and going over your requirements to come up with a solution.]
Aaron
