Bug ID 579525: Rewrite doesn't use CONNECT method for https proxy

Last Modified: Mar 12, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Opened: Mar 10, 2016
Severity: 3-Major

Symptoms

The rewrite plugin does not implement forwarding HTTPS requests through the HTTPS proxy correctly; however, forwarding HTTP requests through the HTTP proxy does work correctly.

Impact

Users are unable to connect to this resource

Conditions

APM portal access resource configured with https:// scheme

Workaround

To work around the problem, create a layered virtual server to catch HTTPS traffic leaving APM and forward it to a HTTPS proxy server using CONNECT. Proxy authentication is not implemented and if the response status from HTTPS proxy server is not 200, then use an iRule to close the connection

Fix Information

None

Behavior Change