Interesting F5 DevCentral Article - Disadvantages of Direct Server Return
Just read an interesting article on F5's DevCentral site regarding the disadvantages of direct server return. Essentially, Direct Server Return involves setting up a load balancing configuration so that responses from your web server returns directly back to the requesting browser instead of responding back through the F5.
I was planning on using it in-house on a Tivoli Access Manager site because the WebSEAL component doesn't seem to know what to do when the BigIP sends an X-Forwarded-For header to WebSEAL. In order to set IP Address Restrictions on junctions on WebSEAL, WebSEAL obviously needs to be able to see the IP Address of the client but if the BigIP front-ends the WebSEAL host, it can't. DSR was going to be a potential fix for this instead of going the route where I would set up an IP Address Restriction on the BigIP and perform the restrictions there. But with all these disadvantages, it doesn't seem like the best idea now.
I was planning on using it in-house on a Tivoli Access Manager site because the WebSEAL component doesn't seem to know what to do when the BigIP sends an X-Forwarded-For header to WebSEAL. In order to set IP Address Restrictions on junctions on WebSEAL, WebSEAL obviously needs to be able to see the IP Address of the client but if the BigIP front-ends the WebSEAL host, it can't. DSR was going to be a potential fix for this instead of going the route where I would set up an IP Address Restriction on the BigIP and perform the restrictions there. But with all these disadvantages, it doesn't seem like the best idea now.