Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Insert http header to OCSP request

Go to solution
Kaloyan
Cirrus
Cirrus

‎26-Feb-2019 23:55

Hello, I am trying to figure out if it's possible to insert http host header when the F5 makes OCSP request to OCSP responder/server via APM policy? The problem that I have is that F5 sends simple OCSP / POST request without host-header (captured via wireshark) and the OCSP server returns HTTP 302 redirect instead of result of client-cert check. I issued openssl ocsp command with -header Host to the same OCSP server and the cert was checked and proper response was returned.( also captured with wireshark and the only difference in both requests is the host-header). I tried to insert iRule event-box before the OCSP Auth-box and insert the header, but that didn't work.

 

Labels:
1 ACCEPTED SOLUTION

Go to solution
AlexBCT
MVP
MVP
In response to Mattias_Jansso1

‎05-May-2021 02:56

Hi Mattias,

 

Have you seen this one? https://support.f5.com/csp/article/K12552109

It looks like it's a known problem and the proposed solution by F5 is to create an additional virtual server and attach a small iRule to it that injects the Host header.

View solution in original post

4 REPLIES 4

Go to solution
Vikash_Ramanla1
Nimbostratus
Nimbostratus

‎27-Feb-2019 19:03

Hi we are also having the same issue. Any assistance will be appreciated.

 

0 Kudos

Go to solution
Mattias_Jansso1
Nimbostratus
Nimbostratus

‎05-May-2021 02:08

I have the exact same issue.

Any updates on this?

0 Kudos

Go to solution
AlexBCT
MVP
MVP
In response to Mattias_Jansso1

‎05-May-2021 02:56

Hi Mattias,

 

Have you seen this one? https://support.f5.com/csp/article/K12552109

It looks like it's a known problem and the proposed solution by F5 is to create an additional virtual server and attach a small iRule to it that injects the Host header.

Go to solution
Mattias_Jansso1
Nimbostratus
Nimbostratus
In response to AlexBCT

‎05-May-2021 03:02

Hi Alex!

No!!

Nice work around! 🙂

I will try it, thanks!!

 

0 Kudos
Copyright © 2023 Khoros, LLC