Insert http header to OCSP request

Question

Hello,
I am trying to figure out if it's possible to insert http host header when the F5 makes OCSP request to OCSP responder/server via APM policy? The problem that I have is that F5 sends simple OCSP / POST request without host-header (captured via wireshark) and the OCSP server returns HTTP 302 redirect instead of result of client-cert check. I issued openssl ocsp command with -header Host to the same OCSP server and the cert was checked and proper response was returned.( also captured with wireshark and the only difference in both requests is the host-header).
I tried to insert iRule event-box before the OCSP Auth-box and insert the header, but that didn't work.&nbsp;

alexbct · Accepted Answer

Hi Mattias, &nbsp;Have you seen this one? https://support.f5.com/csp/article/K12552109 It looks like it's a known problem and the proposed solution by F5 is to create an additional virtual server and attach a small iRule to it that injects the Host header.

vikash_ramanla1 · Answer

Hi we are also having the same issue.  Any assistance will be appreciated.&nbsp;

mattias_jansso1 · Answer

I have the exact same issue.  Any updates on this?

mattias_jansso1 · Answer

Hi Alex!No!! Nice work around! :)I will try it, thanks!!&nbsp;

Forum Discussion

Insert http header to OCSP request

4 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Security Headers Insertion

C3D and header insert

iRule header insert

Insert Basic Auth Header

iRule Header Insert