Forum Discussion

Altostratus

Sep 25, 2012

HTTP header security concern

Greetings, we are currently running BIG-IP 10.2.2 Build 763.3 Final. One of our software engineers sent me the email below: " I have concerns that the F5 could potentially allow certain HTTP hea...

app sec

BIG-IP Access Policy Manager (APM)

security

RiverFish

Altostratus

Sep 25, 2012

I think he is concerned that a hacker could spoof the cert subject and then the F5 would inject that spoofed subject into the header, giving an unauthorized user access to the app.

As far as adding code, I am a novice and wouldn't know where to begin.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HTTP header security concern

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Quarterly Security Notification October 2025

Security Headers Insertion

Security headers

iRule to modify a content-security-policy header

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS