Last Modified: Jun 28, 2025
Affected Product(s):
BIG-IP SSLO
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2
Opened: Aug 09, 2024 Severity: 4-Minor
The traffic summary for an SSL Orchestrator explicit proxy topology in the apm logs when log levels are set to Information does not display the hostname for the connection. Instead just `http (NA)` is displayed.
The traffic summary log message is incomplete not displaying the hostname.
An explicit proxy topology is deployed that uses a Secure Web Gateway (SWG) as a service to process traffic and the SWG rejects an http connection coming through the proxy.
There is no workaround for the traffic summary log message. Instead the hostname would need to be logged in a different way such as 1. Use a logging macro in the Secure Web Gateway's Per-Request-Policy 2. Enable Log Blocked Events in the logging profile attached to the Secure Web Gateway's access profile (note this would get logged to a different location then the apm log) 3. Set the SSL Orchestrator Generic log level to Debug for more log messages including the hostname 4. Use a custom iRule to use the logging mechanism from the "-lib" irule created for the explicit proxy topology to log the explicit proxy request host (using the shared XPHOST var) in the CLIENT_ACCEPT (can see the created -in_t irule as an example)
None