Forum Discussion

Nimbostratus

Apr 17, 2019

APM session expired HTTP code

Hello community, I am facing an interesting situation with F5 APM being deployed as a proxy in front of an application. A little background: the application itself is a mix of HTTP/AJAX/JS which...

application delivery

BIG-IP Access Policy Manager (APM)

Kai_Wilke

MVP

Apr 17, 2019

Hi JevgeniR,

APM does not utilize a specific response page for expired sessions. It just starts a new APM session and then redirects the user to /my.policy.

To stop those background JSON request from creating new APM sessions and also to respond those request with a 403 - Access Denied status code, you could attach the iRule below to your Virtual Server.

when ACCESS_SESSION_STARTED {
  if { [HTTP::header value "Accept"] starts_with "application/json" } { 
    ACCESS::session remove ACCESS::respond 401 "Access Denied" 
  } 
}

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM session expired HTTP code

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM/AWAF declarative policy

Changes to DO and AS3 GitHub - no longer monitored

Help with SSH Virtual Server

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

F5 Architecture Track Sessions - AppWorld 2026

HTTP Session Limit

F5 HTTPS Redirect 2025

MCP Session Affinity With F5 NGINX Plus

HTTP session limit

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS