We have 4 servers on same VLAN behind the CSS. Two of those servers are web servers which is directly accessed by the public through the CSS. The other two servers are application servers accessed by those two web servers. These application servers must be balanced, prefereable by response time. The servers are using HTTP port 80.

What is the best optimal way to do this? Should I create a source group for the content rule for the application servers. This source group contains the IP's of those web servers. Also setting ACL's to insure port 80 of those application servers are only being accessed by the web servers?

Thanks in advance.