Forum Discussion
How to allow 405 response code for certain HTTP Header?
Hi,
If we have a certain header that is blocked by response code 405 and we need WAF to allow response code 405 if it sees this header in the request , how we can achieve that in F5?
- Aswin_mkCumulonimbus
Can u pls try with irule if possible.
when HTTP_REQUEST {
if { [HTTP::header exists "X-Special-Header"] } {
set allow_405 1
} else {
set allow_405 0
}
}when HTTP_RESPONSE {
if { $allow_405 } {
if { [HTTP::status] == 405 } {
# Allow the 405 response if the special header was present in the request
# Optionally log this event
log local0. "Allowing 405 response for request with X-Special-Header"
} else {
# Reset the allow_405 flag if the response status is not 405
set allow_405 0
}
}
}- logan92Altocumulus
Hi,
what is the action for this part? it will allow 405 response code if it sees this special header in the request?
if { [HTTP::status] == 405 } {
# Allow the 405 response if the special header was present in the request
# Optionally log this event
log local0. "Allowing 405 response for request with X-Special-Header"
- Aswin_mkCumulonimbus
Hi Logan, before setting an action did you tried Create a Blocking Exception:
https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/25.html
&
Navigate to Security -> Application Security -> Security Policies -> Blocking Settings.
Add a new blocking exception rule that triggers on the condition where the specific header is present in the request and the response code is 405.
Configure the Blocking Exception:
Specify the condition to match the specific header (X-Custom-Header in your case) using the appropriate expression language provided by F5 ASM.
Set the action for this exception to allow the response code 405. You can specify the action to "Allow" or "Log" depending on your security policy requirements.
WAF is best solution rather then TCL iRule. Find the WAF seetings.
Navigate to Security ›› Application Security : Security Policies : Policies List ›› Select_WAF_Policy
General Setting --> Basic HTTP Message Settings --> SAVE & apply the policy
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com