LOG IN SIGN UP
Documentation

Maintaining separate HTTP and HTTPS requests to origin servers

It is common to use the same origin web application to serve both HTTP and HTTPS requests and let the application determine which actions to take to secure communications depending on the incoming protocol. Fastly allows users to set this up to preserve this functionality within their servers. To set Fastly up to send HTTP requests to the non-secure service and HTTPS requests to the secure service, configure two origins, one each for the secure and non-secure ports, then set up the conditions under which requests will be sent there.

Create multiple origins

Begin by configuring the same origin address with a different port as a separate origin by following the steps below.

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the service menu, select the appropriate service.
  3. Click the Edit configuration button and then select Clone active. The service version page appears.
  4. Click the Origins tab. The Origins page appears.
  5. Click the Create host button to create a new backend for your non-secure server. The Create a new host page appears.

    new backend with settings for a non-secure server

  6. Fill out the Create a new host fields as follows:

    • In the Address field, type the address of your non-secure server (for example, a-server.my.com), and in the port field, type 80.
    • Leave the Shielding, Health check, and Auto load balance controls set to their default values.
    • In the Description field, type the name of your non-secure server (for example, Server Name (plain)).
  7. Click the Create button. The non-secure HTTP server appears on the Origins page.

  8. Click the Create host button a second time to create a second backend, this time for your secure server.

    new backend

  9. Fill out the Create a new host fields as follows:

    • In the Address field, type the address of your secure server (for example, a-server.my.com), and in the port field, type 443.
    • Leave the Shielding, Health check, and Auto load balance controls set to their default values.
    • In the Description field, type the name of your secure server (for example, Server Name (secure)).
  10. Click the Create button. The secure HTTP server appears in the Backends area.

Conditionally send traffic to origins

To conditionally determine which server receives secure and non-secure requests, Fastly relies on the presence or absence of a specific header when the backend is selected. When an incoming connection is received over TLS, Fastly sets the req.http.fastly-ssl header to determine which server to use.

Set a condition for this header on each origin by following the steps below.

  1. On the Origins page, click the Attach a condition link next to the name of the non-secure server. The Create a new request condition window appears.

    the Create a new request condition window with settings for the non-secure server

  2. Fill out the Create a new request fields as follows:

    • Leave the Type menu set to Request.
    • In the Name field, type the name of the condition specifying use of the non-secure server (for example, Use non-secure).
    • In the Apply if field, type !req.http.fastly-ssl.
    • Leave the priority set to its default value.
  3. Click the Save and apply to button to create the new condition.

  4. On the Origins page, click the Attach a condition link next to the name of the secure server. The Create a new request condition window appears.

    the Create a new request condition window with settings for the secure server

  5. Fill out the Create a new request condition window as follows:

    • Leave the Type menu set to Request.
    • In the Name field, type the name of the condition specifying use of the secure server (for example, Use secure).
    • In the Apply if field, type req.http.fastly-ssl.
    • Leave the priority set to its default value.
  6. Click the Save and apply to button to create the new condition.

  7. Click the Activate button to deploy your configuration changes.


Back to Top