ACCESS::disable with policy "OAuth-Resource Server" ?

Question

Hello,Anyone knows how if equivalent of "ACCESS::disable" is possible on "OAuth-Resource Server" apm policy?At the end I want to allow pre-flight CORS calls to bypass the apm. I tried this irule but seems to not be working with F5 as "oauth RS", I still get response&nbsp;"HTTP/1.1 400 Bad Request" because of auth failed.Thanks&nbsp;Alexandre.&nbsp;&nbsp;&nbsp;when HTTP_REQUEST {
if {([HTTP::method] eq "OPTIONS") &amp;&amp;
[HTTP::header exists "Access-Control-Request-Method"] &amp;&amp;
[HTTP::header exists "Access-Control-Request-Headers"] &amp;&amp;
[HTTP::header exists "Origin"] &amp;&amp;
[HTTP::header Origin] ends_with "XXXXXXXXXXX" } {
#log local0. "Disable apm - [HTTP::method] - [HTTP::host][HTTP::uri]"
ACCESS::disable
}
}&nbsp;&nbsp;&nbsp;

boneyard · Answer

when you enable the logging does it activate at the correct moment? no errors in the /var/log/ltm about wrong iRule command or such?

alexandre · Answer

It match the if condition, but don't apply the&nbsp;ACCESS::disable. No big surprise as "OAuth-Resource Server" Policy are not classic apm policy...

Forum Discussion

ACCESS::disable with policy "OAuth-Resource Server" ?

2 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

Cannot ping external interface

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

Related Content

Disable/Block access to Network Map

Remove the "Server" header

Use BIG-IP LTM Virtual Server & iRule for an internal "What's My IP" website

"Content Switching" to non-addressable virtual server

How I did it - "Securing Nvidia Triton Inference Server with NGINX Plus Ingress Controller”

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS