For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tiwang's avatar
tiwang
Icon for Nimbostratus rankNimbostratus
Mar 03, 2014

Using SSL offload and passing traffic through to internal webserver

hi out there

 

I have defined a vs - solely LTM (bigip 11.3) where I make use of SSL offload in the F5 and passing the http traffic through to a internal webserver. The intention was that we in phase one of this project get the frame for it up and run - the F5 should only take care of SSL offload and passing the traffic on to the internal server. But - The authentication fails - I have enabled basic authentication on the webserver (IIS7.5) and it replies nicely with a 401 which the first time is passed through to client on the outside of the F5. Afterwards it fails and I cannot really find out why. I have been using the standard http profiles etc - as much as possibly right out of the box. Eg.: my problem here is that the first time the client access the internal webserver the authentication runs correctly - but afterwards it is as if the authentication fails - the webserver writes 401 in the logfile.. Since it is SSL encrypted on the client side it is a bit hard to investigate in even thoguh I can see what we think we sends by dumping it out with tcpdump and decrypt with ssldump - but I am still not sure what is going wrong. Are there some common pitfalls here when we do a protocol-transition?

 

best regards /ti

 

No RepliesBe the first to reply