SSL persistance with http(s) proxies

Hello community,

 

I have the following problem, maybe someone can help me solving it.

 

 

Scenario:

 

I have an inner http proxy server for http and https requests.

 

This ( the other one is hot standby) proxy forwards the requests to the outer (DMZ) proxies.

 

The IP Adress the inner uses is a VIP/VS on the F5 LTM, loadbalancing the requests aso.

 

 

my problem is the SSL persistance.

 

 

Simple http requests are pers. through an iRule matching "X-forwarded-for" which the inner proxy adds

 

to the (http) requests.

 

 

For https request this is not added, and all pre-defined pers.profiles doesn´t work.

 

The http_request in an iRule doesn´t work , I think because of the CONNECT Statement in the initial request

 

and the following ip packets have an http header, but only containing "proxy-connect-hostname" and "proxy-conenct-port".( have done a lot of captures with and without proxy)

 

When I look into the definition of http_request, the above http header is not a valid request in the point of view from F5.

 

 

Does anybody have an idea ?

 

I have tried to match on "proxy-connect-hostname" but maybe my iRule wasn´t correct.

 

 

Thanks and regards,

 

Markus