BASIC Auth on APM for web server

Question

I am trying to put authentication in from of a IIS web server that is not running any kind of authentication.&nbsp;
I can get it to work successfully by using a logon page ie -&nbsp;
&nbsp;
However as this is going to be called by a web service a logon page is not an option.  Instead I am looking to present a 401 response using BASIC authentication.  See below -&nbsp;
&nbsp;
The problem I am having is that while it is authenticated and there is a session created the F5 is then trying to present the credentials entered in the 401 challenge to the web server in the default pool.&nbsp;
I don't want to present the credentials to the web server as the whole problem I am trying to solve is the fact that the web server is not running any authentication.&nbsp;

stanislas_piro2 · Answer

Hi,
you can remove credentials with irule:
when ACCESS_ACL_ALLOWED {
    HTTP::header remove "Authorization"
}

Forum Discussion

BASIC Auth on APM for web server

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

AST Configuration Assistance

Floating IP responds from wrong VLAN/trunk

expandsSubcollections and filtering in F5 SDK

F5 i-series Guests to r-series tenants migration

Building new F5 replica

Related Content

Insert Basic Auth Header

Implementing basic OAuth with F5 BIG-IP APM

Troubleshooting BIG-IP - The Basics

Getting Started with iRules: Basic Concepts

Basic OAuth concept and OAuth with F5 solutions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS