Forum Discussion

Altostratus

Dec 15, 2017

iRule to exclude specific URI from http header insert (x-frame-options) on http_response

Attempting to exclude two URI from a http header insert on a HTTP_RESPONSE. Basically if the URI contains "/wp-login.php" or "/wp-admin" i do not want this header applied on the response. I was pre...

Employee

Dec 17, 2017

Lots of good answers above.

Just to explain the logic of the required structure reflected in the above irules ...

HTTP::uri is not valid in HTTP_RESPONSE

Valid Events:
ASM_REQUEST_DONE, CACHE_REQUEST, CACHE_RESPONSE, HTTP_CLASS_FAILED, HTTP_CLASS_SELECTED,
HTTP_PROXY_REQUEST, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, 
REWRITE_REQUEST_DONE, SERVER_CONNECTED

So you need to set a flag in HTTP_REQUEST that controls the HTTP_RESPONSE action. I hope this helps.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to exclude specific URI from http header insert (x-frame-options) on http_response

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Round-robin method not load balanced

F5 AI Roadmap

F5 object groups in AFM

F5 BGP Peering in Active /Standby Cluster

F5 rSeries || Upgrade tenant

Related Content

Removing x-frame-options header from response when using APM

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Set x-frames-options header values depending on URI

APM-Specific Features for Securing Your Website

Inserting X-frame-Options, X-XSS-Protection, X-Content-Type-Options, Strict-Transport-Security

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS