Forum Discussion
7 Replies
- MiLK_MaNNimbostratus
So you want to have SSL on the clientside, but decrypt on the backend?
If so, this is called SSL offload and is a very easy thing to do by having a clientside SSL profile but not putting one on the serverside.
The only thing to watch out for are embedded URL references in your HTML code, or Location headers that don't include https:// schema.
- Moinul_RonyAltostratusI can confirm that the URL references will be unchanged and be still on http:// .. Can you point me to any documentation that shows a optimal way of SSL offloading from a HTTPS VS to a HTTP Pool ? Thanks.
- MiLK_MaNNimbostratusAre the URL references relative (ie. /path/file.html) or definitive (eg. http://host.com/path/file.html)? If it's the latter, you will need a stream profile similar to what has been described in this devcentral post: https://devcentral.f5.com/questions/irule-for-rewriting-http-request-with-https-request
- MiLK_MaN_61922Nimbostratus
So you want to have SSL on the clientside, but decrypt on the backend?
If so, this is called SSL offload and is a very easy thing to do by having a clientside SSL profile but not putting one on the serverside.
The only thing to watch out for are embedded URL references in your HTML code, or Location headers that don't include https:// schema.
- Moinul_RonyAltostratusI can confirm that the URL references will be unchanged and be still on http:// .. Can you point me to any documentation that shows a optimal way of SSL offloading from a HTTPS VS to a HTTP Pool ? Thanks.
- MiLK_MaN_61922NimbostratusAre the URL references relative (ie. /path/file.html) or definitive (eg. http://host.com/path/file.html)? If it's the latter, you will need a stream profile similar to what has been described in this devcentral post: https://devcentral.f5.com/questions/irule-for-rewriting-http-request-with-https-request
- Alex_Dominic_SaNimbostratus
I added the rule this time no response from the VIP only :-(