---
title: Maintaining separate HTTP and HTTPS requests to origin servers
summary: null
url: >-
  https://www.fastly.com/documentation/guides/full-site-delivery/domains-and-origins/maintaining-separate-http-and-https-requests-to-backend-servers
---

It is common to use the same origin web application to serve both HTTP and HTTPS requests and let the application decide how to secure communications based on the incoming protocol. Fastly lets you preserve this behavior. To have Fastly send HTTP requests to the non-secure service and HTTPS requests to the secure service, configure two origins, one each for the non-secure and secure ports, then set up the conditions under which requests are sent to each.

## Create multiple origins

Begin by configuring the same origin address with a different port as a separate origin server. Follow the instructions for [working with hosts](https://www.fastly.com/documentation/guides/getting-started/hosts/working-with-hosts). You'll add specific details about the non-secure server (port `80`) when you fill out the **Create a host** fields:

- In the **Name** field, enter a name for the non-secure server (for example, `Server Name (plain)`).
- In the **Address** field, enter the address of the non-secure server (for example, `server.example.com`).
- In the **Transport Layer Security (TLS)** section, set **Enable TLS?** to **No**.

Follow the instructions for [working with hosts](https://www.fastly.com/documentation/guides/getting-started/hosts/working-with-hosts) to create another origin server, this time for your secure server. You'll add specific details about the secure server (port `443`) when you fill out the **Create a host** fields:

- In the **Name** field, enter a name for the secure server (for example, `Server Name (secure)`).
- In the **Address** field, enter the address of the secure server (for example, `server.example.com`).
- In the **Transport Layer Security (TLS)** section, leave the **Enable TLS?** default set to **Yes**.

## Conditionally send traffic to origins

To determine which server receives secure and non-secure requests, Fastly relies on the presence or absence of a specific header when the backend is selected. When an incoming connection is received over TLS, Fastly sets the `req.http.fastly-ssl` header, and the conditions on each origin test for that header to decide which server to use.

Set a condition for this header on each origin by following the steps below.

1. On the **Origins** page, click **Attach a condition** next to the name of the non-secure server.

   ![the Create a new request condition window with settings for the non-secure server](/img/new-condition-use-non-secure.png)

2. Fill out the **Create a new request condition** window as follows:
   - In the **Name** field, enter the name of the condition specifying use of the non-secure server (for example, `Use non-secure`).
   - In the **Apply if** field, enter `!req.http.fastly-ssl`.
   - Leave the priority set to its default value.

3. Create the new condition by clicking **Save and apply to**.

4. On the **Origins** page, click **Attach a condition** next to the name of the secure server.

   ![the Create a new request condition window with settings for the secure server](/img/new-condition-use-secure.png)

5. Fill out the **Create a new request condition** window as follows:
   - In the **Name** field, enter the name of the condition specifying use of the secure server (for example, `Use secure`).
   - In the **Apply if** field, enter `req.http.fastly-ssl`.
   - Leave the priority set to its default value.

6. Create the new condition by clicking **Save and apply to**.

7. From the **Activate** menu, select **Activate on Production** to deploy your configuration changes.
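
As an added example (not Fastly's code), the following Python sketch audits a list of origins for the split configured above: each origin must carry one of the two `fastly-ssl` conditions, and its TLS setting must match that condition. The dictionary layout and field names (`name`, `port`, `tls`, `condition`) are assumptions made for this example, not Fastly's API schema.

```python
# Added example: audit origins for the HTTP/HTTPS split described on this page.
# The dict layout (name, port, tls, condition) is a constructed stand-in,
# not Fastly's API schema.

PLAIN_COND = "!req.http.fastly-ssl"
SECURE_COND = "req.http.fastly-ssl"


def normalize(statement):
    """Drop whitespace and lowercase; header names are case-insensitive."""
    return "".join((statement or "").split()).lower()


def audit_origins(origins):
    """Return a list of findings; an empty list means the split is sound."""
    findings = []
    seen = {PLAIN_COND: 0, SECURE_COND: 0}
    for o in origins:
        cond = normalize(o.get("condition"))
        if cond not in seen:
            # Without one of the two conditions the origin is not tied to a protocol.
            findings.append(f"{o['name']}: no fastly-ssl condition attached")
            continue
        seen[cond] += 1
        if cond == SECURE_COND and not o["tls"]:
            findings.append(f"{o['name']}: TLS requests forwarded without TLS")
        if cond == PLAIN_COND and o["tls"]:
            findings.append(f"{o['name']}: plain requests sent to TLS origin")
    for cond, count in seen.items():
        if count == 0:
            findings.append(f"no origin handles condition {cond}")
    return findings


# Constructed sample input mirroring the two hosts created on this page.
GOOD = [
    {"name": "Server Name (plain)", "port": 80, "tls": False, "condition": "!req.http.fastly-ssl"},
    {"name": "Server Name (secure)", "port": 443, "tls": True, "condition": "req.http.fastly-ssl"},
]
# Constructed misconfiguration: the two conditions are attached to the wrong origins.
SWAPPED = [
    {"name": "Server Name (plain)", "port": 80, "tls": False, "condition": "req.http.fastly-ssl"},
    {"name": "Server Name (secure)", "port": 443, "tls": True, "condition": "!req.http.Fastly-SSL"},
]

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("swapped", SWAPPED)):
        print(label, audit_origins(cfg) or "OK")
```

The swapped case is the one worth catching before activation: requests that arrived over TLS would be forwarded to the origin in cleartext.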
