Last Modified: Oct 15, 2025
Affected Product(s):
BIG-IP APM
Fixed In:
17.5.1.2, 17.1.3
Opened: Aug 02, 2016 Severity: 3-Major
HOST header not sent in OCSP responder request. APM OCSP responder object uses HTTP/1.0 to send a request to the OCSP responder and HTTP/1.0 does not have a host header.
APM receives an invalid response because the OCSP Server didn't know which site to send the request to due to no HOST header.
OCSP configuration
Create a layer virtual server listening on the IP of the ocsp server and having an irule insert the host header. ltm rule ocsp_insert_http_host { when HTTP_REQUEST { HTTP::header insert Host <e.g. IP address> } }
HOST header added in OCSP responder request for HTTP/1.1.