Forum Discussion
Hamish
Jan 21, 2010Cirrocumulus
Normally I add in the certificate information to an HTTPS offloaded stream too. Various 3rd party apps also support the concept of SSL offload. e.g. Oracle Access Manager (OAM) & Tivoli Access Manager (TAM). They expect certain headers to indicate that the SSL was offloaded and so generate the correct URL's.
I also tend not to share the same poolmembers between offloaded (HTTPS) and non-offloaded (HTTP) VS's... Just another belt & braces approach to security... (And I don't use match across pools for persistence either).