Change Cache Control Header on APM Policy

Question

Greetings,&nbsp;Our application security team is requesting that we update the cache-control header on our login page for that uses an APM policy.  Essentially, they are looking for the cache-control header to read as "no-cache, no-store, max-age=0" on the abc.com/my.policy page.  I have attempted to do an iRule to replace the cache-control header as shown below:&nbsp;when CLIENT_ACCEPTED {	ACCESS::restrict_irule_events disable}&nbsp;&nbsp;when HTTP_RESPONSE {&nbsp;&nbsp;HTTP::header replace "Cache-control" "no-cache, no-store, max-age=0"}&nbsp;But this iRule ends up adding a duplicate Cache-control header, one that states "no-cache, no-store, max-age=0" and the original that states "no-cache, must-revalidate."&nbsp;I have also tried going into the Advanced Customization of the APM policy and tried to edit the &lt;meta http-equiv="cache-control" content="no-cache"&gt; in the code to what I need it to be, but every time I make the change and save draft, it reverts back to original statement.&nbsp;Can someone please assist on this issue?  Thank you.

iaine · Answer

Hi&nbsp;Try moving your HTTP::header command to HTTP_RESPONSE_RELEASE so that it gets amended just before being sent

daniela0501 · Answer

Thank you, this worked.

Forum Discussion

Change Cache Control Header on APM Policy

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Announcing F5 NGINX Ingress Controller v4.0.0

Fixup Cache Control Headers

(HTTP) Redirection via Arbitrary Host Header

Overview of API Access Control and implementing API key access control with BIG-IP APM

Distributed caching of authentication requests with NGINX Ingress Controller

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS