CORS control with ASM

Question

Hi All,&nbsp;Good day.  I have a few questions need your expert advice:&nbsp;i have a F5 NLB that host a virtual server as an reverse proxy in the web tier of my 3 tier system. My actual website hosted in my App tier using IIS 8.5, with CORS ext. installed and configured. However, recent VA scan on my system shows that my system did not restrict the CORS properly and allow "access-control-allow-origin" to any hosts. &nbsp;Now, i understand that F5 has an ASM module to enforce security on URLs like CORS but unfortunately my infra team did not purchase the license for this module. May i know, without ASM, does it mean the F5 will overwrite my website response header despite my IIS had restricted the origin?&nbsp;&nbsp;thank you!

cjunior · Answer

Hi,I didn't quite understand the question.Anyway, BIG-IP shouldn't remove headers sent from client and server, when you won't need to do that.Regards.&nbsp;

Forum Discussion

CORS control with ASM

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

CORS implementation

JWT authorization with NGINX Ingress Controller

Distributed caching of authentication requests with NGINX Ingress Controller

Using BIG-IP Kubernetes Gateway API Controller

Adding CORS response headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS