What I should use HTTP or HTTPS in policies?

Question

hello,&nbsp;
&nbsp;I just start working with ASM and there is some details confusing me I hope you help me with that.&nbsp;
&nbsp;In Application-Ready Security Policies there is two type of template HTTP and HTTPS.&nbsp;
&nbsp;What is the different between these policies?&nbsp;
&nbsp;If I was using https and decrypt the data in LTM then sent to ASM decrypted in this case, what I should use
&nbsp;HTTP or HTTPS?&nbsp;
&nbsp;Thank you in advance.&nbsp;

ido_breger_3805 · Answer

Hi, 
&nbsp; You should use HTTPS in this case. 
&nbsp; Cheers, 
&nbsp; Ido

hoolio · Answer

As Ido says, you'll want to set the protocol to what the virtual server is using on the client side. 
&nbsp;  
&nbsp; Aaron

infosec_38553 · Answer

Thank you all,&nbsp;&nbsp;
&nbsp;I just need more details.&nbsp;
&nbsp;I decided to build the policy in manual (from scratch) and my web site using HTTP and HTTPS together.&nbsp;
&nbsp;Do I need the protocol only when I set the URLs in my policy or I should have two versions one for HTTP and the other for HTTPS?&nbsp;
&nbsp;I think one version is Enough, but to make sure.&nbsp;

Forum Discussion

What I should use HTTP or HTTPS in policies?

3 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Cannot ping external interface

Requirement for BIG-IQ VM Deployment in AWS

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

F5 breaking Exchange authentication

Can't change sync type or failover after tenant upgrade.

Related Content

F5 HTTPS Redirect 2025

HTTP Event Order -- Access Policy Manager

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)

F5 XC and Service Policy/HTTP path

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS