This post is as much a question as it is an observation.
Typically we have a number of applications that use our CSM for load balancing and SSLM for encryption. In most cases the transition is seamless, in that there isn't much configuration to be done on the CSM apart from the standard things to allow for HTTPs connections. However, every now and then we see the following:
1. A customer has a web based application which has SSL terminated on the server itself
2. Eventually move the application to using the CSM / SSL module with the same DNS name that is used to access the service
3. In this new setup, through testing we see that the browser (using HTTPWatch) performs both HTTP and HTTPS connections (i.e GETs or POSTs), where previously, (when the SSL termination was on the server), all the browser connections were HTTPs.
In this senarios, i ask the application administrator:
1. Whether there are any absolute links or any such hardcoded links that would cause the browser to perform these HTTP connections
2. Whether URL re-writes can be performed on the server side to ensure that everything that is presented to the client's browser is HTTPs and subsequently all connections made by the browser is HTTPs.
3. Lastly (not preferable at all), is to hard code all links to HTTPs
My question here is, firstly have others noticed this sort of behavior, where you observe the browser performing both HTTP nd HTTPs connections to the same web application? The Application admisistrators almost say the issue is with the CSM, since the web application was working fine when the SSL termination was on the server itself. How best can one explain this sort of behavior? Ultimately my thinking is that it comes down to the way the web application is coded up.....however, why would moving the SSL termination point be any different?!
Any information or Cisco documents that explain this would be most appreciated.