For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ghaidaF's avatar
ghaidaF
Icon for Nimbostratus rankNimbostratus
Feb 13, 2024

enable ASM (WAF) on VIP

Hello,  I create a new VIP, it request to add WAF on it. I tired to allow/disable ASM policy with HTTP Profile (Client): http & SSL Profile (Client) but I get error below: 400 Bad Request The p...
security
ghaidaF's avatar
ghaidaF
Icon for Nimbostratus rankNimbostratus
Feb 14, 2024

Also I observe the error message below when I add the SSL Profile (Client), even when the HTTP profile :none

"
400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx
"

Sebastiansierra's avatar
Sebastiansierra
Icon for MVP rankMVP
Feb 14, 2024

Hi ghaidaF,

 

HTTP profile at the client side is mandatory for the correct waf configuration because the HTTP profile instructs the virtual server to interact with the protocol.

Some question:

  1. Do you have configured an IP for the virtual server in destination example "172.X.X.X"
  2. wich type of virtual server do you have created?
  3. SSL client profile is necessary in the case the traffic is encrypted, always keep the traffic encrypted and use the F5 to decrypt the traffic and process the WAF.
  4. The server is encrypted? in this case you have to configure an SSL server profile, you can use the default provided by F5.

 

Hope its work.

  • Sebastiansierra's avatar
    Sebastiansierra
    Icon for MVP rankMVP
    Feb 14, 2024

    Hi again,

    If the application is only port 80 you don´t need to apply SSL profiles, only enable the HTTP profile, the waf policy, and the logging profile.