Forum Discussion

CA_Valli's avatar
CA_Valli
Icon for MVP rankMVP
Oct 26, 2022

Applying APM on an iframe

Hello everyone, I'm having this issue where APM-protected content fails to start APM session if called from an iFrame.  The access session starts at client request time as expected, and I can see t...
application delivery
BIG-IP Access Policy Manager (APM)
security
  • CA_Valli's avatar
    CA_Valli
    Dec 13, 2022

    So we did some more testing, and this is not going to work.

    We've worked with support and experimented with iRules to insert additional headers and cookies into the response, but the behaviour of CORS is that these are always going to be removed. And because APM relies heavily on cookies to function, it does mean that accessing APM-protected content from an iFrame will fail to work. 

CA_Valli's avatar
CA_Valli
Icon for MVP rankMVP

Thanks for the very fast response. Will try this out and let you know. 

CA_Valli's avatar
CA_Valli
Icon for MVP rankMVP
Oct 27, 2022

momahdy  I'm running BIG-IP version 16, logon.inc seems related to previous software versions and I have not found similar code in other ".inc" pages within advanced APM policy configuration menu.

 

  • momahdy's avatar
    momahdy
    Icon for Employee rankEmployee
    Oct 29, 2022

    CA_Valli I tried a quick lab with v16.1.2 and can find it in line 140 this is using standard type not the modern type. in case issue still persist it would be very helpful to raise a case to support so that they can better inspect your environment specifically.