Forum Discussion

logan92's avatar
logan92
Icon for Altocumulus rankAltocumulus
Jul 10, 2024

How to allow 405 response code for certain HTTP Header?

Hi, If we have a certain header that is blocked by response code 405 and we need WAF to allow response code 405 if it sees this header in the request , how we can achieve that in F5?       
security
Aswin_mk's avatar
Aswin_mk
Icon for Cumulonimbus rankCumulonimbus
Jul 10, 2024

Hi Logan, before setting an action did you tried Create a Blocking Exception: 

 https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/25.html

&

Navigate to Security -> Application Security -> Security Policies -> Blocking Settings.

Add a new blocking exception rule that triggers on the condition where the specific header is present in the request and the response code is 405.

Configure the Blocking Exception:

 

Specify the condition to match the specific header (X-Custom-Header in your case) using the appropriate expression language provided by F5 ASM.

Set the action for this exception to allow the response code 405. You can specify the action to "Allow" or "Log" depending on your security policy requirements.