Configuring the BIG-IP and PHP "Hack-It-Yourself" Auction Site

I've been writing a series of articles on the features and capabilities of the BIG-IP ASM...here are the links for your reading pleasure: What Is The ASM? Policy Building The Importance of File...
Published Sep 25, 2013
Version 1.0
ASM Advanced WAF
BIG-IP
security
Duncan_Proffitt's avatar
Duncan_Proffitt
Icon for Altostratus rankAltostratus
Apr 06, 2018

Great post. So, doing this in HTTP worked like a dream. Some crazy SSL stuff HAD to be done. (the challenge was on!)

Set up different VS (although using the same dest add, but with different port - 443) Created custom pool as well (added a custom ssl monitor to see what's happening - still red) Pool member 10.128.20.150:443 - showing down (although parent node 10.128.20.150 is showing up)

Created custom SSL client profile Created self-signed cert & key to add to the custom profile But when https://10.128.10.35/ I get the attempted cert exchange, but it fails with .. 

An error occurred during a connection to 10.128.10.35. SSL peer was unable to negotiate an acceptable set of security parameters. Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

So, my thoughts were that the cert is at fault. (we'll get to that later)

The HTTP stuff works ok.

So a couple questions from the Noob

1) Can I set up HTTP & HTTPS profiles for the site to run side-by-side, or will I have to bring down the HTTP vs? 2) I set up a self cert to make this happen, I assume that any details will be acceptable in the cert, and I dont have to use the settings in the training manuals? 3) Are there specific settings in the self-cert creation I need for this exercise Thanks in advance D.

SOLUTION FOUND - PICNIC (Problem in chair, not in computer) One HAS to remember to allow 443 on the self IP!! (DOH) {slinks away, slightly ashamed}