Forum Discussion

Altostratus

Sep 25, 2012

HTTP header security concern

Greetings, we are currently running BIG-IP 10.2.2 Build 763.3 Final. One of our software engineers sent me the email below: " I have concerns that the F5 could potentially allow certain HTTP hea...

app sec

BIG-IP Access Policy Manager (APM)

security

What_Lies_Bene1

Cirrostratus

Sep 25, 2012

So, just to clarify, the concern is that the header you insert is a security risk? I'm not sure how this could be a problem and why he'd refer to headers coming in from the outside world. Regardless, perhaps you could add some code to delete other 'dodgy' headers and also delete any existing instance of the header you plan to insert, before you insert it, to prevent any spoofing by the client.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HTTP header security concern

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Quarterly Security Notification October 2025

Security Headers Insertion

Security headers

iRule to modify a content-security-policy header

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS