Forum Discussion

Kaloyan's avatar
Kaloyan
Icon for Cirrus rankCirrus
Feb 27, 2019

Insert http header to OCSP request

Hello, I am trying to figure out if it's possible to insert http host header when the F5 makes OCSP request to OCSP responder/server via APM policy? The problem that I have is that F5 sends simple OCSP / POST request without host-header (captured via wireshark) and the OCSP server returns HTTP 302 redirect instead of result of client-cert check. I issued openssl ocsp command with -header Host to the same OCSP server and the cert was checked and proper response was returned.( also captured with wireshark and the only difference in both requests is the host-header). I tried to insert iRule event-box before the OCSP Auth-box and insert the header, but that didn't work.

 

  • AlexBCT's avatar
    AlexBCT
    May 05, 2021

    Hi Mattias,

     

    Have you seen this one? https://support.f5.com/csp/article/K12552109

    It looks like it's a known problem and the proposed solution by F5 is to create an additional virtual server and attach a small iRule to it that injects the Host header.

    • AlexBCT's avatar
      AlexBCT
      Icon for Cumulonimbus rankCumulonimbus

      Hi Mattias,

       

      Have you seen this one? https://support.f5.com/csp/article/K12552109

      It looks like it's a known problem and the proposed solution by F5 is to create an additional virtual server and attach a small iRule to it that injects the Host header.