In this particular case it would have been beneficial to only pass the auth through a subdomain limited to ssl instead of forcing everything through. Considering you aren't doing ssl offload you are going to see an increase in utilization for no intrinsic benefit.