OCSP through an outbound explicit proxy

Hey DC community, Kevin Stewart here with a fun little project I'd like to share. There have been countless questions about this over the years: how to pass LTM or APM OCSP requests through an out...

Published Dec 05, 2017

Version 1.0

BIG-IP Access Policy Manager (APM)

Employee

Joined March 16, 2006

View Profile

Kevin_Stewart

Employee

Joined March 16, 2006

View Profile

thegeneralmills

Nimbostratus

Apr 09, 2019

Thanks for putting this together. We used part of this method to support some F5s that are out in a PoP where we were not planning on adding SNAT capabilities to the access our OCSP stapling endpoint, it did, however, have access to a data center that did have SNAT enabled. We took the "Proxy iRule" you created and applied it to a Virtual Server in the RFC1918 space with a Pool that consisted of the DNS record of our OCSP stapling endpoint. SNAT from the data center works like a champ, and we didn't have to find a different work around to solve this issue.

Thanks a bunch, very helpful and informative!

OCSP through an outbound explicit proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS