What I should use HTTP or HTTPS in policies?

Question

hello,&nbsp;
&nbsp;I just start working with ASM and there is some details confusing me I hope you help me with that.&nbsp;
&nbsp;In Application-Ready Security Policies there is two type of template HTTP and HTTPS.&nbsp;
&nbsp;What is the different between these policies?&nbsp;
&nbsp;If I was using https and decrypt the data in LTM then sent to ASM decrypted in this case, what I should use
&nbsp;HTTP or HTTPS?&nbsp;
&nbsp;Thank you in advance.&nbsp;

ido_breger_3805 · Answer

Hi, 
&nbsp; You should use HTTPS in this case. 
&nbsp; Cheers, 
&nbsp; Ido

hoolio · Answer

As Ido says, you'll want to set the protocol to what the virtual server is using on the client side. 
&nbsp;  
&nbsp; Aaron

infosec_38553 · Answer

Thank you all,&nbsp;&nbsp;
&nbsp;I just need more details.&nbsp;
&nbsp;I decided to build the policy in manual (from scratch) and my web site using HTTP and HTTPS together.&nbsp;
&nbsp;Do I need the protocol only when I set the URLs in my policy or I should have two versions one for HTTP and the other for HTTPS?&nbsp;
&nbsp;I think one version is Enough, but to make sure.&nbsp;

Forum Discussion

What I should use HTTP or HTTPS in policies?

3 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

SSH forward proxy

Multiple Default Gateways

ASM Sec-CH-UA-Full-Version-List backquote in Header

Scenarios where Service Policy should be used over iRule and Vice versa

Issue on connection limit

Related Content

Policy Puppetry, Jumping the Line, and Camels

HTTP Event Order -- Access Policy Manager

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)

Minimizing Security Complexity: Managing Distributed WAF Policies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS