For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tjp's avatar
tjp
Icon for Nimbostratus rankNimbostratus
Feb 26, 2015

APM redirect to /my.policy stripping POST data

I have a condition where an unauthenticated user sends a POST request to a F5 virtual server running Access Policy. As part of the authentication process, the F5 redirects the original POST to /my.po...
BIG-IP Access Policy Manager (APM)
security
tjp's avatar
tjp
Icon for Nimbostratus rankNimbostratus
Feb 26, 2015
Some of the question was truncated. The question was: I have a condition where an unauthenticated user sends a POST request to a F5 virtual server running Access Policy. As part of the authentication process, the F5 redirects the original POST to /my.policy which, in turn, responds with HTML that contains a HTML form that gets automatically submitted requesting the original content. This time without the POST data! Has anyone encountered this?