Forum Discussion

Nimbostratus

Sep 24, 2018

CORS Enforcement on ASM

Hello, has anyone had success enforcing CORS through ASM. I have enabled and and allowed a wildcard for origins (for testing only), but I'm still unsuccessful seeing the headers replaced when I run a...

ASM Advanced WAF

security

Erik_Novak

Employee

Sep 24, 2018

For Enforcement Mode, are you using "Enforce on ASM", "Remove all CORS Headers", or "Replace CORS Headers"? The idea is that ASM will compare the Origin header to the list of host names in your policy and the allowed origins for the respective URL (or wildcard in your case.)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

CORS Enforcement on ASM

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

LLM Prompt Injection Detection & Enforcement

AI Token Limit Enforcement

CORS implementation

WS-Shield: WebSocket Abuse Detection & Adaptive Enforcement Gateway

Enforcing CORS With LineRate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS