Hardware SSL (BIG-IP) / IIS Detection

• Previous message: Nicole Calinoiu: "Re: Connecting to a web service thru a proxy server"
• Next in thread: David Wang [Msft]: "Re: Hardware SSL (BIG-IP) / IIS Detection"
• Reply: David Wang [Msft]: "Re: Hardware SSL (BIG-IP) / IIS Detection"
• Reply: Mike Singer: "Re: Hardware SSL (BIG-IP) / IIS Detection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 5 Aug 2004 13:29:57 -0600

We run BIG-IP from F5 Networks for traffic management and install our SSL
certs on this device. When the page is decrypted
on the BIG-IP and forwarded on to IIS in clear text, there is no way to
programatically detect whether the page requested was
secure or unsecure (looking at HTTP info). This is often useful to switch
between HTTP and HTTPS (in the same domain) instead of hardcoding the
protocol in website links.

So my question is:
1) Is there a way to setup this environment so that IIS knows that the
incoming request was actually decrypted by the BIP-IP? Even though it was
requested over port 80.
2) If SSL traffic is routed from the BIP-IP to port 443 on IIS, is there a
way to install a certificate on IIS that doesn't tax the CPU like it would
normally when a cert is installed on IIS?

In #2, we can route all the requests to port 443 on the IIS server, but in
order for IIS to serve a request on this port, IIS has to have a cert
installed.

Hope my question make sense.

Thanks.

• Previous message: Nicole Calinoiu: "Re: Connecting to a web service thru a proxy server"
• Next in thread: David Wang [Msft]: "Re: Hardware SSL (BIG-IP) / IIS Detection"
• Reply: David Wang [Msft]: "Re: Hardware SSL (BIG-IP) / IIS Detection"
• Reply: Mike Singer: "Re: Hardware SSL (BIG-IP) / IIS Detection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]