Forum Discussion

Roman_80473's avatar
Roman_80473
Icon for Nimbostratus rankNimbostratus
Jan 11, 2012

SSL Termination with clear text response from web server

Hi folks,

 

 

This might be a silly question:

 

We terminate SSL and send traffic to non-secured web servers. We're having some issues encrypting clear text responses on proxy servers before returning them back to client. Is there a way to encrypt a clear text response from target servers on F5 itself?

 

 

Any help is appreciated

 

Thanks, Roman
  • Aaron and nitass,

     

     

    Thank you both for your replies. I'll try to use the Fiddler2 to check web server response. The idea I had was to take the encrypting/decrypting burden off the web tier completely. This way, if we have any non-secured web server in the pool (Apache, Weblogic, Sun proxy, etc), web tier would do the actual work, while F5 handles ssl between client and itself. I'm not sure that's feasible since we always had encrypted traffic throughout

     

     

    Anyways, I have a test pool with weblogic server on some non-secured port, which accepts clear text request from F5 and sends clear text response back. The problem is that client comes with ssl thru F5, but sees plain http page.

     

     

    Thanks, Roman
  • I have figured out what my issue was. An http profile I've been using didn't allow for rewrite. Once I've changed that, all fell into places. Thank you again for all your help.

     

     

    Roman

     

  • There was an error in the iRule: [string tolower [HTTP::header Host]] in HTTP_RESPONSE should have been [string tolower [HTTP::header Location]]. I fixed that and added the example to the Codeshare:

     

     

    https://devcentral.f5.com/wiki/iRules.HTTPS-offload-rewriting.ashx

     

     

    Aaron