For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

hui_37443's avatar
hui_37443
Icon for Nimbostratus rankNimbostratus
Jun 24, 2009

Proxy OCSP request

Our Big-IP LTM dev/test device is sitting behind company's firewall. In order to make an OCSP request to our CA, which is an Internet site, I have to configure it to go through the proxy. So far I can...
config
design
Randy_Abrams's avatar
Randy_Abrams
Icon for Nimbostratus rankNimbostratus
Oct 22, 2012
My understanding is that iRule

 

Virtual_to_enable_proxy-unaware_applications_to_make_outbound_TCP_connections_via_a_HTTP_CONNECT_METHOD

 

( https://devcentral.f5.com/wiki/iRules.Virtual_to_enable_proxy-unaware_applications_to_make_outbound_TCP_connections_via_a_HTTP_CONNECT_method.ashx )

 

will initiate a TLS tunnel thru the proxy to an SSL enabled web server.

 

 

Are there any similar methods that may be used when the target web server is non-SSL, HTTP only?

 

 

Use Case

 

-----------

 

Certificate authentication where the OCSP server can only be accessed through a proxy and the OCSP server is HTTP only.

 

 

 

What has been tried and does not work

 

------------------------------------------------

 

 

serverside { TCP::respond "POST http://ocspserver.com [append request_headers $request_payload]" }

 

 

where "POST /" was stripped from $request_headers and $request_payload is binary.

 

 

LTM 10.2.3