Reza_76713
Oct 29, 2009

Non Https (443) default port

Hi guys,

We've got an HTTPS application running on a port other than the default HTTPS port 443.

The application URL looks like https://xyz.com:8585

I can see traffic coming to ASM.

I think ASM cannot block illegal requests on a non-default HTTPS port.

Any idea how and where I can configure an Https_non_default protocol using a different port than 443?

Or how can I manage it so that HTTPS on a non-default port works on ASM?

Thx

Reza

 

  • hoolio
    Hi Reza,

    ASM doesn't validate the destination port--just the protocol (HTTP and/or HTTPS) you configure objects for. ASM will be able to block illegal requests/responses which are set for blocking.

    Aaron
  • Thx Aaron for the prompt answer.

    ASM is still not blocking bad requests. In the virtual server settings, the service port for our non-default HTTPS application is set to 9191 and the protocol is set automatically to other. Could this be an issue?

    Please find below the request diagram (the internal web application works on port 9191):

    Internet https://xyz.com:9090 -> Firewall port mapping https://xyz.com:9191 -> BigIP/ASM -> service port within virtual server set to 9191 protocol other

    Thx

    Reza

    See attachment.
  • The configuration you have should work fine as far as the VIP side of things; the textual 'Service Port' is simply a human-readable version of the service port setting. Whether the traffic is interpreted & decrypted as SSL and/or HTTPS is down to the profiles you have attached to the VIP - and if ASM is inspecting traffic correctly then you know you have those right.

    I think you need to look more in the direction of your policy settings within the ASM GUI, rather than the VIP configuration.

    What happens when a request arrives which you believe should be blocked - does the ASM log any violations on the request?