Last Modified: Nov 25, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
21.0.0, 17.5.1.2, 17.1.3, 16.1.6.1
Opened: Aug 02, 2016 Severity: 3-Major
HOST header not sent in OCSP responder request. APM OCSP responder object uses HTTP/1.0 to send a request to the OCSP responder and HTTP/1.0 does not have a host header.
APM receives an invalid response because the OCSP Server didn't know which site to send the request to due to no HOST header.
OCSP configuration
Create a layer virtual server listening on the IP of the ocsp server and having an irule insert the host header. ltm rule ocsp_insert_http_host { when HTTP_REQUEST { HTTP::header insert Host <e.g. IP address> } }
HOST header added in OCSP responder request for HTTP/1.1.