Forum Discussion
Chris_Phillips (Nimbostratus)
Aug 14, 2012
SSL offload headers for ASM
Hi,
Is there a way for an ASM box sitting behind an LTM box to know that SSL has been terminated on LTM? We add in similar headers for WebLogic, which is behind ASM, but found that the allowed URLs on our ASM policies need to be defined as HTTP instead of HTTPS when it comes to ASM. As we have test environments where the LTM and ASM cohabit a single device, and therefore DO see HTTPS URLs, this brings in a frustrating inconsistency when it comes to ASM policy.
Thanks
Chris
- jwham20 (Nimbostratus): Chris,
- hooleylist (Cirrostratus): I assume they're not using HTTPS between the LTM and ASM. If that's true, you can force ASM to globally interpret all requests as HTTP using an internal parameter:
- Chris_Phillips (Nimbostratus): Ahh, so there's no header we could insert on the LTMs? Strange, I thought there would've been one. Given that we are ASMing some normal HTTP traffic as well as HTTPS, forcing a presumption on ASM doesn't seem appropriate, especially as we might be wanting to enable the internal parameters for secure cookies, as then we'd be setting secure on a non-secure cookie, which sounds like a bad place to be!