I have a basic ASP.NET application that sits behind an F5 load-balancer.
Incoming SSL requests (over HTTPS) terminate at the load-balancer and all internal communication between the load-balancer and my application servers is unsecure (over HTTP).
When a unsecure request comes in, my app is able to use Response.Redirect("https://...")
to redirect a secure URL with no problems. However, the other direction appears to be impossible - I cannot redirect from HTTPS to HTTP using Response.Redirect()
from my application. The URL remains HTTPS for the client and does not change. Could the F5 be preventing the redirect for ever reaching the client?
Is there any special configuration necessary to let this happen?