What I should use HTTP or HTTPS in policies?

Question

hello,&nbsp;
&nbsp;I just start working with ASM and there is some details confusing me I hope you help me with that.&nbsp;
&nbsp;In Application-Ready Security Policies there is two type of template HTTP and HTTPS.&nbsp;
&nbsp;What is the different between these policies?&nbsp;
&nbsp;If I was using https and decrypt the data in LTM then sent to ASM decrypted in this case, what I should use
&nbsp;HTTP or HTTPS?&nbsp;
&nbsp;Thank you in advance.&nbsp;

ido_breger_3805 · Answer

Hi, 
&nbsp; You should use HTTPS in this case. 
&nbsp; Cheers, 
&nbsp; Ido

hooleylist · Answer

As Ido says, you'll want to set the protocol to what the virtual server is using on the client side. 
&nbsp;  
&nbsp; Aaron

infosec_38553 · Answer

Thank you all,&nbsp;&nbsp;
&nbsp;I just need more details.&nbsp;
&nbsp;I decided to build the policy in manual (from scratch) and my web site using HTTP and HTTPS together.&nbsp;
&nbsp;Do I need the protocol only when I set the URLs in my policy or I should have two versions one for HTTP and the other for HTTPS?&nbsp;
&nbsp;I think one version is Enough, but to make sure.&nbsp;

Forum Discussion

What I should use HTTP or HTTPS in policies?

3 Replies

Recent Discussions

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

cat and grep command for rst messages

iControl for Gtm wideip

Telemetry streaming to Elasticsearch

Portal Access to HTTPS resources slow

Related Content

iControl REST Cookbook - LTM policy (ltm policy)

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

Manage F5 BIG-IP FAST with Terraform (Part 3 - Manage multiple AWAF policies based on HTTP criteria)

HTTP sideband policy checking