Forum Discussion

sadikhov_80750's avatar
sadikhov_80750
Icon for Nimbostratus rankNimbostratus
Nov 22, 2012

Triggering SSL encrypted pages via LTM

So we have a public web site, which needs to have some certain pages sent/received encrypted via SSL. At the moment all requests are unencrypted and go directly to port 80.

 

We decided to install a public certificate on BIG IT LTM to offload ssl processing.

 

The issue is, that not all pages have to be encrypted, and we want to give web developers ability to trigger encryption either by manipulating the http header or in the code.

 

URI is not an option for a trigger, as the web site has already been built.

 

Is there a way for LTM to check first for a custom header value of the resource at response and make a decision about whether the traffic should be redirected to ssl or not?

 

Current Version 11.1.0

 

1 Reply

  • You've a few options here;

     

     

    1) My preferred option if 2) below isn't possible as it's real simple and puts the control and responsibility in the hands of the people who've made the request - have the developers simply add https:// links where required, configure a new port 443 SSL Virtual Server with the relevant private key and cert installed, pointing to the same servers

     

    2) Make it all SSL, why not? There should be real performance impact if you use the F5 to terminate and it's really, really simple!

     

    3) Yes, an iRule could be use to redirect to HTTPS but it's going to get complicated real fast and every time something changes with the server code you'll never be sure it's doing what it should without full testing