Luca_55898
Jul 28, 2012

x-forwarded-for, ok with HTTPS?

Hi,

Can you use the X-Forwarded-For option if the virtual server is an HTTPS server doing SSL offload?
The virtual server is configured on port 443, with a client SSL cert. The pool members are also on port 443. I have enabled the X-Forwarded-For option in a custom HTTP profile and assigned that to the VS, however the customer says it's not working correctly.

  • Hamish
    You can if you decrypt the SSL session on the BigIP (SSL Offload) because the BigIP needs the decrypted stream to be able to add content to the headers.

    You then have the option to re-encrypt the traffic between the BigIP and the poolmember itself, which you'll require as your poolmembers are doing SSL as well.

    H
  • The pool members are on 443, but not sure if they are doing SSL. I haven't configured a server side cert.

    So if I change the pool members to be port 80, and configure SSL offload as per normal on the F5, can I just do x-forwarded-for like normal (using an HTTP profile)?

  • Hamish
    It'd be unusual for port 443 NOT to be doing SSL. You shouldn't need a server side cert... Just one for the client-side SSL (i.e. the connection FROM the client).

    Yes, you can change the poolmembers to port 80 and configure SSL offload. However you don't HAVE to... The BigIP can (with a suitable cert to present to the clients) act as a MITM.

    H
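
The two layouts discussed in this thread, sketched in the style of tmsh `list` output with comments added for the reader. This is an added example, not configuration posted by anyone in the thread; the object names, the addresses (documentation ranges) and the `site_clientssl` client SSL profile are assumptions.

```tmsh
# HTTP profile with the X-Forwarded-For option enabled.
ltm profile http xff_http {
    defaults-from http
    insert-xforwarded-for enabled
}

# Layout 1: SSL offload. TLS ends on the BIG-IP, pool members speak plain HTTP on 80.
ltm pool pool_web_80 {
    members {
        198.51.100.11:http { address 198.51.100.11 }
    }
}
ltm virtual vs_offload {
    destination 192.0.2.10:https
    ip-protocol tcp
    pool pool_web_80
    profiles {
        # Assumed to exist already and to carry the site certificate and key.
        site_clientssl { context clientside }
        tcp { }
        xff_http { }
    }
}

# Layout 2: decrypt, insert the header, then re-encrypt to pool members on 443.
ltm pool pool_web_443 {
    members {
        198.51.100.11:https { address 198.51.100.11 }
    }
}
ltm virtual vs_reencrypt {
    destination 192.0.2.20:https
    ip-protocol tcp
    pool pool_web_443
    profiles {
        site_clientssl { context clientside }
        # Stock server SSL profile; no server-side certificate is configured here.
        serverssl { context serverside }
        tcp { }
        xff_http { }
    }
}
```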