F5 ASM/WAF in a transparent bridge Reverse Proxy mode

Question

I think that this is good to know. Many WAF vendors nowadays say things like Reverse Proxy/WAF in transperant bridge mode and say that only a few other vendors can do it. The F5 device VIP with a destination host ip is considered an explicit Reverse Proxy because the F5 changes the destination IP, so that it matches the pool member. If we just disable the address translation and use a wildcard VIP we have the called transparent Reverse Proxy/WAF and F5 can do this from version 11 :)

Here is the article:

https://support.f5.com/csp/article/K15099

epaalx · Answer

Why is applicable product showing : BIG-IP, BIG-IP ASM "11.6.0, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0" but not later versions?

Is there a recommended method of implementing ASM in true transparent mode - where BIG-IP has no self-ip IP addresses and is able to inspect HTTPS traffic without terminating it? Is "Proxy-SSL" feature a possible candidate for the latter, but if so, is it not limited by inability to transparently intercept traffic secured using DSA and ECC?

Forum Discussion

F5 ASM/WAF in a transparent bridge Reverse Proxy mode

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Load Balancing IIS Servers

remove www from domain

Front azure traffic from F5 LTM onpremises

F5 BigIP APM VPN some LDAP field are base64 encoded

Two Arm Deployment mode using PBR

Related Content

ASM/WAF Management Automation - TMOS

From ASM to Advanced WAF: Advancing your Application Security

Transparent load balancing in Azure, Part 2

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Transparent Load Balancing in Azure

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS