Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Tom_K_185554's avatar
Tom_K_185554
Icon for Nimbostratus rankNimbostratus
Jan 08, 2018

why do connections stop working when http profile is added to virtual server

Hello I found this description that has a nice diagram and explanation https://devcentral.f5.com/questions/requests-are-not-being-passed-from-virtual-server-to-the-pool-member   but at the end it...
application delivery
LTM
crodriguez's avatar
crodriguez
Ret. Employee
Jan 08, 2018

The port 443 virtual would have failed if all it had was an HTTP profile but no client SSL profile. The BIG-IP system can't process the HTTP payload at layer 7 (which is what the HTTP profile tells it to do) if the payload is encrypted - hence the need for a client SSL profile to decrypt it first.

 

The port 80 virtual server should not fail with an HTTP profile, unless the traffic was not HTTP. Having an HTTP profile on this virtual does not matter except from a performance perspective. In other words, if you do not need to process the HTTP payload at L7 (as would be the case if you had an associated iRule that sent an HTTP response), then the HTTP profile is unnecessary. But it should not prevent the virtual server from working.