LOG IN SIGN UP
Documentation

Maintaining separate HTTP and HTTPS requests to origin servers

It is common to use the same origin web application to serve both HTTP and HTTPS requests and let the application determine which actions to take to secure communications depending on the incoming protocol. Fastly allows users to set this up to preserve this functionality within their servers. To set Fastly up to send HTTP requests to the non-secure service and HTTPS requests to the secure service, configure two origins, one each for the secure and non-secure ports, then set up the conditions under which requests will be sent there.

Create multiple origins

Begin by configuring the same origin address with a different port as a separate origin by following the steps below.

  1. Log in to the Fastly application.
  2. Click the configure tab to access the control panel.

    the configure tab

  3. Select the appropriate service from the Service menu.

  4. Click the blue Configure button to the right of the service name.

  5. Click the Hosts section.

  6. In the Backends area click the New button to create a new backend for your non-secure server. The New Backend window appears.

    new backend with settings for a non-secure server

  7. Fill out the New Backend window as follows:

    • In the Address field, type the address of your non-secure server (for example, a-server.my.com).
    • In the Port field type 80.
    • In the Name field, type the name of your non-secure server (for example, Server Name (plain)).
    • Leave the Health Check, Auto Load Balance, Weight, and Shielding. controls set to their default values.
  8. Click the Create button. The non-secure HTTP server appears in the Backends area.

  9. In the Backends area click the New button a second time to create a second, new backend, this time for your secure server.

    new backend

  10. Fill out the New Backend window as follows:

    • In the Address field, type the address of your secure server (for example, a-server.my.com).
    • In the Port field type 443.
    • In the Name field, type the name of your secure server (for example, Server Name (secure)).
    • Leave the Health Check, Auto Load Balance, Weight, and Shielding. controls set to their default values.
  11. Click the Create button. The secure HTTP server appears in the Backends area.

Conditionally send traffic to origins

To conditionally determine which server receives secure and non-secure requests, Fastly relies on the presence or absence of a specific header when the backend is selected. When an incoming connection is received over TLS, Fastly sets the 'req.http.fastly-ssl' header to determine which server to use.

Set a condition for this header on each origin by following the steps below.

  1. In the Backends area of the Hosts section, click the gear icon next to the name of the non-secure server. advanced configuration menu

  2. From the menu that appears, select Conditions. The Choose Condition window appears.

    choosing a condition

  3. Click the New button. The New Condition window appears. creating a new condition

  4. Fill out the New Condition window as follows:

    • In the Name field, type the name of the condition specifying use of the non-secure server (for example, Use non-secure).
    • In the Apply If field, type !req.http.fastly-ssl.
    • Leave the Priority field set to its default value.
  5. Click the Create button to create the new condition.

  6. In the Backends area of the Hosts section, click the gear icon next to the name of the secure server.

  7. From the menu that appears, select Conditions. The Choose Condition window appears.

  8. Click the New button. The New Condition window appears.

    new_condition_-_use_secure.png

  9. Fill out the New Condition window as follows:

    • In the Name field, type the name of the condition specifying use of the secure server (for example, Use secure).
    • In the Apply If field, type req.http.fastly-ssl.
    • Leave the Priority field set to its default value.
  10. Click the Create button to create the new condition.

    creating a new condition

  11. Deploy the new origins and their conditions by activating the new version of your service.