This solution applies to all Barracuda Load Balancer models 340 and above using the Route Path deployment mode with SSL Offloading, firmware versions 2.0 and above.
To force HTTPS connections from port 80, to a different service utilizing SSL offloading, you must create two services, each with the same VIP.
Set up the first service set up for SSL offloading (as in Solution #00002491). The VIP must be listening on any port other than 80 or 443. The Real Servers (and the server application) for this service must be configured to listen on the same port as the Virtual IP address (not 80 or 443). Remember to set the SSL Engine Listen Port for this service to 443.
The second service must be set up with the VIP listening on port 80, with the Real Servers and associated applications listening on the same port. You will then need to configure the application on the Real Servers to redirect any connections received on port 80 to https://<VIP>, which will redirect those connections to the first service. This way, any connections that come in on the VIP on port 80 will be redirected to the HTTPS address on port 443, and the traffic will be handled appropriately.
Please note that the redirected, decrypted HTTPS traffic will not be received by the Real Servers on port 443, but instead the port configured for the first service, and the application must be configured to receive traffic on this port. The application running on the service using SSL Offloading (the first service) will never see any SSL connections, as the Barracuda Load Balancer will perform all SSL encryption and decryption.
Link to This Page: