SL
Sep 17, 2015

httponly option without http profile

Hi All

Is it at all possible to enable the httponly option other than using cookie or ASM?

Reason for the question is that I am trying to enable ASM for IBM Endpoint Manager for Remote Control. As soon as I enable the http profile the connection does not initiate correctly: the user gets the initial logon page and it hangs when the secure connection is trying to be established between the user and server.

I am thinking that it has something to do with the Endpoint Manager creating some sort of tunnel and not wanting anyone to inspect or look at the traffic in any way, and thus it does not work when enabling the http profile, as this allows the F5 to see the traffic flow.

Any suggestions? Has anyone been able to use IBM Endpoint Manager for Remote Control with ASM enabled?

Thanks, Sulaiman

8 Replies

  • Robert_Teller_7
    Historic F5 Account

    You can try enabling the HTTP Profile and then using an iRule to disable HTTP for any request that isn't RFC compliant.

    I have attached a snippet that will verify that the first portion of the request contains a string followed by a forward slash.

    For an HTTP Request

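    when CLIENT_ACCEPTED {
        # Start with HTTP processing off and peek at the first 20 bytes
        HTTP::disable
        TCP::collect 20
    }
    when CLIENT_DATA {
        # %s reads the method token; %c stores the next character's code as an integer.
        # 47 is the character code for "/". scan returns 2 only if both fields matched.
        if {[scan [TCP::payload] {%s %c} METHOD REQUEST] == 2 && $REQUEST == 47} {
            HTTP::enable
        }
        TCP::release
    }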
    

    For an HTTPS Request

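    when CLIENT_ACCEPTED { HTTP::disable }
    when CLIENTSSL_CLIENTHELLO { SSL::collect 20 }

    when CLIENTSSL_DATA {
        # Same check as the HTTP case, run on the decrypted payload.
        # %c yields the character code, so compare against 47 ("/").
        if {[scan [SSL::payload] {%s %c} METHOD REQUEST] == 2 && $REQUEST == 47} {
            HTTP::enable
        }
        SSL::release
    }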
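
The decision the iRules above make on the first 20 bytes can be checked offline before touching a virtual server. The following is an added example, not part of the original reply or F5 code: `classify` and the sample payloads are constructed for illustration, and it goes slightly beyond the reply by validating the method against RFC 7230 token characters and by handling a short first segment.

```python
import re

PEEK = 20  # same window the iRule collects before deciding
# RFC 7230 "token" characters: the only bytes allowed in a method name.
_TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def classify(first_bytes: bytes) -> str:
    """Return 'http', 'passthrough' or 'need-more' for the start of a connection."""
    window = first_bytes[:PEEK]
    method, sep, rest = window.partition(b" ")
    if not sep or not rest:
        # Method or target may still be in flight if the first segment was short.
        short = len(window) < PEEK
        if short and (not method or _TOKEN.fullmatch(method)):
            return "need-more"
        return "passthrough"
    if not _TOKEN.fullmatch(method):
        return "passthrough"
    # origin-form ("/path"), asterisk-form ("*"), or absolute-form ("http...")
    if rest[:1] in (b"/", b"*") or rest[:4].lower() == b"http":
        return "http"
    return "passthrough"


# Constructed sample payloads (not captured from any real application).
SAMPLES = {
    "http request": b"GET /index HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "tls record": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + b"\x00" * 20,
    "text tunnel": b"TUNNEL 0001 binary-session-data",
    "partial method": b"POS",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:15s} -> {classify(payload)}")
```

A "passthrough" verdict corresponds to leaving `HTTP::disable` in effect, so cookie handling and ASM never see that connection.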
    
    • SL
      Hi Robert, I created and enabled the iRule; it still says that I need to enable an SSL profile.
  • You cannot use an HTTP profile without a ClientSSL profile for HTTPS traffic. Is your virtual server HTTP or HTTPS? If it is HTTPS and you need end-to-end SSL you will also need a ServerSSL profile to re-encrypt.
    • SL
      Hi Brad, that is the way I understand it to work as well; I was just asking if anyone was able to get it to work without the http profile. It is an HTTPS virtual server. The issue is application related in that it does not allow us to inspect the traffic, thus when I enable the http profile the application doesn't work via the F5.
    • Brad_Parker
      Enabling the HTTP profile in and of itself will not affect the traffic in any way and is transparent to the application. Do you have SSL profiles enabled? They too should be transparent to the application. How does your application "not work"? There is no way to see or alter the payload of encrypted traffic; that's why HTTPS requires client SSL profiles if you want to see the content.