Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Modena_'s avatar
Modena_
Icon for Nimbostratus rankNimbostratus
Oct 26, 2017

Change the 302 URL that APM sends back (the original URL requested by client)

Hi, APM seems to work like this; 1) use goes to http://www.url.com/foo/bar 2) APM presents login screen, user authenticates 3) upon successfull authentication, APM sends a 302 back to the cli...
application delivery
BIG-IP Access Policy Manager (APM)
irules
THi's avatar
THi
Icon for Nimbostratus rankNimbostratus
Oct 30, 2017

The HTTP_REQUEST_RELEASE and HTTP_RESPONSE_RELEASE events are the last points at L7 before the packets hit the wire, see : HTTP Event Order -- Access Policy Manager

 

"two new events were added in v11.0 to provide these last chance inspection points, aptly named HTTP_REQUEST_RELEASE and HTTP_RESPONSE_RELEASE. On the serverside, you can now inspect what APM (or any other module) has done to the request before it hits the wire on the way to the server, and likewise, on the clientside, what APM has done to the response before it hits the wire on the way to the client."