Forum Discussion
NimbostratusAsm with squid outbound proxy
asm with squid outbound proxy does this work ? I tried this myself, the http:// urls work but the https does not . Any workaround ?
6 Replies
Hannes_Rapp_162Nacreous
A number of things can be wrong. Do you have more information about design, and policy configuration? Do you intend to use WAF so that your internal users can't try attack 3rd party web-sites on the public web? Normally, WAF is put in place to protect your own services from external users.
First basic criteria is that the ASM module requires un-encrypted input. Where do you currently offload TLS?
chin_15339There is no SSL offload its just plain Squid forward proxy listening on port 3128
- Hannes_Rapp_162
So HTTPS not working is as expected then. I do not know your use-case, so I will just refer you to solution articles:
-
Look into Client-SSL profiles: https://support.f5.com/csp/article/K14783
-
Depending on your use-case, Proxy SSL feature may suit better: https://support.f5.com/csp/article/K13385
-
Hannes_RappA number of things can be wrong. Do you have more information about design, and policy configuration? Do you intend to use WAF so that your internal users can't try attack 3rd party web-sites on the public web? Normally, WAF is put in place to protect your own services from external users.
First basic criteria is that the ASM module requires un-encrypted input. Where do you currently offload TLS?
- chin_15339
There is no SSL offload its just plain Squid forward proxy listening on port 3128
- Hannes_Rapp
So HTTPS not working is as expected then. I do not know your use-case, so I will just refer you to solution articles:
-
Look into Client-SSL profiles: https://support.f5.com/csp/article/K14783
-
Depending on your use-case, Proxy SSL feature may suit better: https://support.f5.com/csp/article/K13385
-
