HTTP Profile linking for ASM

Question

I am new to F5. We have got ASM license and need to implement them. Some of our live virtual servers do not have a http profile linked to it. I understand http profile needs to be linked if asm has to be implemented. Can I go ahead and blindly go ahead with deafult http profile linking? Will there be any production impact? If so, what are things that should be checked/kept in mind before doing so?&nbsp;
I do see SSL Profile (Client) and SSL Profile (Server) attached to virtual server. Does this mean there would be issues if I attach the http profile?&nbsp;
Does changing or implementing http profile require downtime?&nbsp;

nathe · Answer

smalex,&nbsp;
The default http profile is normally sufficient and it's good to see that you are decrypting the traffic (clientssl) as this is also a pre-req for ASM inspection (and the http profile as well). I'm not sure anyone can guarantee that there would be no issues with "blindly" adding the profile. Best practice to do this in a Change window and/or on non-production VIPs.&nbsp;
Good luck, hope this helps.&nbsp;
N&nbsp;

Forum Discussion

HTTP Profile linking for ASM

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Anchor Link Redirect

Enforce RFC Compliance option in http profile

What is HTTP Part V - HTTP Profile Basic Settings

Download file from AWS S3 bucket / http profile

F5 iRules for HTTP compression profile