Hello. I've configured SSL Offloading on my F5. I have my VS set to use 443, while my Pool is set for 80. I have set a client SSL certificate. Within IIS, my site is bound to port 80. I've tried a bunch of different iRules but am at a roadblock. When I try to connect via my client, I'm getting an error stating the connection has been actively refused on X.X.X.X:80. I had a similar configuration with Citrix ADC and had to create a policy to redirect from port 80 to https://server.domain.com. Is this possible with F5? Any help is greatly appreciated. Thanks!
To add some extra context, this application can be accessed via browser and also thick client. Without any iRules, when I access https://server.domain.com via browser, everything works fine. But when I try to connect through the thick client, the application is doing something on the back-end in trying to connect through 80 and I'm seeing "No connection could not be made because the target machine actively refused it 10.10.17.150:80"
Hi Adrian, I had a similar issue this morning! my issue was that I didn't have an iRule to notify the backend servers that the traffic was SSL offloaded by the F5.
I was reading this article about setting up ssl offloading;
And in that article it included instructions on setting up an irule with the following code:
##
# Notify the backend servers that this traffic was SSL offloaded by the F5.
##
when HTTP_REQUEST {
HTTP::header insert "X-Forwarded-Proto" "https";
}
Once I did that, my SSL Offloaded VS started to work. I'm still having issues with some redirects, but at least I can get to the correct destination now.
