Forum Discussion
Kaloyan
Cirrus
CirrusInsert http header to OCSP request
Hello, I am trying to figure out if it's possible to insert http host header when the F5 makes OCSP request to OCSP responder/server via APM policy? The problem that I have is that F5 sends simple OCSP / POST request without host-header (captured via wireshark) and the OCSP server returns HTTP 302 redirect instead of result of client-cert check. I issued openssl ocsp command with -header Host to the same OCSP server and the cert was checked and proper response was returned.( also captured with wireshark and the only difference in both requests is the host-header). I tried to insert iRule event-box before the OCSP Auth-box and insert the header, but that didn't work.
Hi Mattias,
Have you seen this one? https://support.f5.com/csp/article/K12552109
It looks like it's a known problem and the proposed solution by F5 is to create an additional virtual server and attach a small iRule to it that injects the Host header.
Vikash_Ramanla1Nimbostratus
Hi we are also having the same issue. Any assistance will be appreciated.
Mattias_Jansso1I have the exact same issue.
Any updates on this?
- AlexBCT
Cumulonimbus
Hi Mattias,
Have you seen this one? https://support.f5.com/csp/article/K12552109
It looks like it's a known problem and the proposed solution by F5 is to create an additional virtual server and attach a small iRule to it that injects the Host header.
- Mattias_Jansso1
Hi Alex!
No!!
Nice work around! :)
I will try it, thanks!!