Forum Discussion
ghaidaF
Nimbostratus
Nimbostratusenable ASM (WAF) on VIP
Hello, I create a new VIP, it request to add WAF on it. I tired to allow/disable ASM policy with HTTP Profile (Client): http & SSL Profile (Client) but I get error below: 400 Bad Request The p...
ghaidaFNimbostratus
NimbostratusAlso I observe the error message below when I add the SSL Profile (Client), even when the HTTP profile :none
"
400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx
"
Hi ghaidaF,
HTTP profile at the client side is mandatory for the correct waf configuration because the HTTP profile instructs the virtual server to interact with the protocol.
Some question:
- Do you have configured an IP for the virtual server in destination example "172.X.X.X"
- wich type of virtual server do you have created?
- SSL client profile is necessary in the case the traffic is encrypted, always keep the traffic encrypted and use the F5 to decrypt the traffic and process the WAF.
- The server is encrypted? in this case you have to configure an SSL server profile, you can use the default provided by F5.
Hope its work.
Hi again,
If the application is only port 80 you don´t need to apply SSL profiles, only enable the HTTP profile, the waf policy, and the logging profile.
