Forum Discussion

munawar_64873's avatar
munawar_64873
Icon for Nimbostratus rankNimbostratus
Jan 12, 2009

F5 SSL Offload: Error on first visit to site, against an HTTPS page

Hi,

 

 

We've implemented an F5 SSL Offload scenerio on our website, where all SSL traffic is routed to Port 8000 via the loadbalancer.

 

 

We're having an issue where, if the user hits the site by visiting an HTTPS page FIRST, then the site throws an error. If the user then refreshs, the page loads.

 

 

If the user visits an http page first, everything works fine, and subsequent calls to HTTPS pages on the site work fine. Its just the first visit to the site, against an HTTPS page the doesn't work.

 

 

When we test the site without the loadbalancer (ie. Http://mysite.com:8000/default.aspx) the page loads fine.

 

 

It almost seems like a timeout issue, but we haven't been able to figure it out.

 

 

Has anyone seen this before, or can help out?

 

 

Munawar
microsoft
partner

5 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jan 13, 2009
    Hi Munwar,

     

     

    What is the error that the client sees on the first request that fails? Is it page cannot be displayed or some other message? If you use a browser plugin like Fiddler for IE or HttpFox for FF, can you post anonymized copies of the request/response headers?

     

     

    Thanks,

     

    Aaron
  • munawar_64873's avatar
    munawar_64873
    Icon for Nimbostratus rankNimbostratus
    Jan 13, 2009
    Hi Aaron,

     

     

    Answers inline:

     

     

    Q: What is the error that the client sees on the first request that fails? Is it page cannot be displayed or some other message?

     

    A: Internet Explorer cannot display the webpage

     

     

    Q: If you use a browser plugin like Fiddler for IE or HttpFox for FF, can you post anonymized copies of the request/response headers?

     

    A: Fidler dump:

     

     

    RAW dump of the header:

     

     

    Request Header:

     

    GET /MYSITE/Service/contentviewer.aspx?ID=AboutUs&Menu=Footer&MasterPage=AboutOurProducts.master HTTP/1.1

     

    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19

     

    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

     

    Accept-Encoding: gzip,deflate,bzip2,sdch

     

    Cookie: LinkShare=; CS_Anonymous={267c4238-0d45-489c-8fe5-48e5a8b06775}; ASP.NET_SessionId=ifmnvpnsoo5qrnu3bvmdt555

     

    Accept-Language: en-US,en

     

    Accept-Charset: ISO-8859-1,*,utf-8

     

    Host: MYWEBSERVER:8000

     

    Proxy-Connection: Keep-Alive

     

     

     

    Response header:

     

    HTTP/1.1 502 Fiddler - Connection Failed

     

    Content-Type: text/html

     

    Connection: close

     

    Timestamp: 11:16:43:2651

     

     

    [Fiddler] Connection to MYWEBSERVER failed.

     

    Exception Text: No connection could be made because the target machine actively refused it MYLOADBALANCER.com:8000
  • Lou_27246's avatar
    Lou_27246
    Icon for Nimbostratus rankNimbostratus
    Feb 09, 2010
    I believe we may be having a similar issue regarding Safari and HTTPS/SSL sites. We consistently get the following error when trying to open an HTTPS page through Safari:

     

     

    "Safari Can't open the page"

     

     

    Safari can't open the page "https//xxxxx.xxxxx..xxxxx" because Safari can't establish a secure connection to the server.

     

     

    A couple of "refreshes" and the page will then open. The https pages also open fine in I.E., F.F. and Chrome. Only has issues with Safari browser. When I pull the sites out from behind the F5 BipIP and hit them directly, the errors go away.
  • TammyM_173209's avatar
    TammyM_173209
    Icon for Nimbostratus rankNimbostratus
    Oct 20, 2014

    I realize this post is several years old - but I am having the same issue, except I'm using just the standard 443 port. Is there a resolution to this issue?