I was wondering if I could get some help with an issue I am facing with SSL through the LTM to an IIS website.
We have an IIS site that has a Default webpage with a few sites underneath. I did not create the site, just the F5 Virtual Server. I created an HTTPS VIP, with a standard HTTP profile, client SSL profile, and server SSL profile. When I browse to the site https://site.domain.com/uri it opens up the webpage, but if I browse to the default site https://site.domain.com I get a 403 Forbidden access error. So I tried SSL proxy bypass, I tried performance VS, still the same issue. I then pointed DNS directly to the server, and when I did that, it loaded the default webpage. Also, through the Virtual Server, HTTP does load the default webpage; it seems to only give the 403 access forbidden error when using SSL. I was wondering if there is any profile or configuration that can maybe pass the traffic through and only use the cert served from the server, or any other way we can work around this issue. The 403 error stops the application tool that uses the VIP from being able to load. Any help would be greatly appreciated.
As you said, you are able to browse the link https://site.domain.com/uri but not https://site.domain.com when taken behind F5. Can you please check if the default IIS page is actually available on the server? It seems it's not available on the server.
Please check it by accessing the server's actual IP address and see if you get the IIS page.
Thanks for your response. When I browse to the IP I get HTTP Error 404. The requested resource is not found. What they want to see is the splash page that shows you that there is no default web page, if that makes sense, with the detailed error information. The 403 error stops the application from loading. The server has a 443 binding with the hostname and certificate, and when I point DNS directly to the server I get an entirely different page.
I think this is something that you need to check at the application level, not the F5 level.
HTTP 404 indicates that the browser was able to communicate with a given server, but the server could not find the request.
On the F5 side, just make sure the proper server SSL profile is configured. I think it is proper, as you were able to access the application with the /uri part.