Forum Discussion

Apr 10, 2018

APM irule to add security headers on http_response

I have been trying to add an irule to shore up security on a virtual server. Qualys is reporting vulnerabilities. In this instance, the user hits a F5 login page for manual authentication (user/pass...

BIG-IP Access Policy Manager (APM)

iRules

security

iaine

Nacreous

Apr 10, 2018

Are you not seeing the headers in the APM pages...? If so, you need to expose these to the HTTP irule events using this

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

https://devcentral.f5.com/wiki/iRules.ACCESS__restrict_irule_events.ashx?NoRedirect=1

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM irule to add security headers on http_response

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP in https that redirect to another vip in https

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

F5 XC 503 upstream_reset_before_response_started{protocol_error}

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Related Content

Quarterly Security Notification October 2025

Security Headers Insertion

Security headers

iRule to modify a content-security-policy header

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS