HTTP and HTTPS simultaneously to the same server

From: André Gustavo N. Lopes <andre#ondacorp.com.br>
Date: Mon, 15 Dec 2008 17:33:00 -0200


Hello list,

I have been using haproxy in recent weeks to balance the traffic of 2 web servers (IIS 6).

The web application published on those web servers runs over HTTP and HTTPS, and the client connection must be forwarded to the same web server even when the protocol changes (http->https). But when I use http mode (just like the documentation):

> Examples :
> ----------
>
> # make a same IP go to the same server whatever the service
>
> listen http_proxy
> bind :80,:443
> mode http
> balance source
> server web1 192.168.1.1
> server web2 192.168.1.2

I get some problems. Using a similar configuration, with http mode, the connections on port 80 are OK, but HTTPS connections (443) simply don't work. My configuration is below.

> global
> log 127.0.0.1 local1 info
> daemon
> nopoll
> maxconn 32000
> nbproc 8
>
> listen http_proxy
> bind 200.195.194.208:80,200.195.194.208:443
> clitimeout 180000
> srvtimeout 180000
> contimeout 4000
> mode http
> balance source
> option forwardfor except 127.0.0.1/8
> option dontlognull
> server web1 200.200.200.201 check port 80
> server web2 200.200.200.202 check port 80

So I had to change the mode to tcp. Then both protocols work, but the option forwardfor only works in http mode. I need the X-Forwarded-For header because I have to create some statistics over the access of the web application.

I tried to create 2 listeners, one with http mode listening on port 80, and the other with tcp mode listening on port 443, but that is probably wrong, because the listeners will probably handle distinct source hashes.

Is there some way to handle HTTPS connections with http mode? If not, is there some way to configure two listeners to use the same source hash?

Is there some other alternative?

Regards,

-- 
André Gustavo N. Lopes
Support Analyst
Tel: +55(41)3331-8293
Fax: +55(41)3331-8256

Onda Empresas
www.ondaempresas.com.br
Hosting, E-mail, Broadband, IP Telephony, Data Center.


Received on 2008/12/15 20:33
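
The worry above about two listeners computing different source hashes, modeled as an added example (not part of the original post and not HAProxy's code). It assumes the chosen server depends only on the client IP and the ordered list of servers currently passing health checks, with CRC32 standing in for the real hash; the client addresses and function names are constructed.

```python
import ipaddress
import zlib

SERVERS = ["web1", "web2"]  # server names from the post, same order in both listeners


def pick_server(client_ip, servers, up):
    """Simplified source-hash model (assumption, not HAProxy's code):
    hash the client IP and index into the servers currently marked up."""
    live = [s for s in servers if up[s]]
    if not live:
        return None
    key = ipaddress.ip_address(client_ip).packed
    return live[zlib.crc32(key) % len(live)]


def diverging_clients(clients, up_http, up_https):
    """Clients that would land on different servers for port 80 and port 443."""
    return [ip for ip in clients
            if pick_server(ip, SERVERS, up_http) != pick_server(ip, SERVERS, up_https)]


# Constructed client addresses (documentation range).
CLIENTS = [f"198.51.100.{i}" for i in range(1, 255)]

ALL_UP = {"web1": True, "web2": True}

# Case 1: both listeners use the same health check, so they see the same state.
SAME_CHECK = diverging_clients(CLIENTS, ALL_UP, ALL_UP)

# Case 2: the 443 listener checks port 443, and web1's HTTPS is down while
# its port 80 is still up, so the two listeners disagree about web1.
HTTPS_DOWN_ON_WEB1 = {"web1": False, "web2": True}
SPLIT_CHECK = diverging_clients(CLIENTS, ALL_UP, HTTPS_DOWN_ON_WEB1)

if __name__ == "__main__":
    print("same health check, clients split across servers:", len(SAME_CHECK))
    print("different health checks, clients split across servers:", len(SPLIT_CHECK))
```

In this model the HTTP and HTTPS mappings stay aligned only while both listeners see the same set of live servers, so the health check target matters as much as the hash.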

This archive was generated by hypermail 2.2.0 : 2008/12/15 20:45 CET