iRules for 403 forbidden error
Is it possible to create an iRule to remove a specific post request header information to avoid the 403 forbidden error that is generated from an Oracle Apex application?
For example, the Origin information below triggers a 403 forbidden message when accessing the application using Edge, Chrome, or Firefox.
I would like to create an iRule to remove the Origin information from the header.
Thanks!
----------------------------------------------------------------------------------------------------------------------------------------------------
POST /apex_extprd/wwv_flow.ajax HTTP/1.1
Host: www.testapp.com
Connection: keep-alive
Content-Length: 224
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
Accept: */*
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.73
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://www.testapp.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.testapp.com/apex_extprd/f?p=119:1::::::
Accept-Language: en-US,en;q=0.9
Cookie: ORA_WWV_APP_119=ORA_WWV-ubwLNBy7vUJxSlt4gD_tmjmL
X-Forwarded-For: 192.168.1.101
Hi RichardDumag,
You can customize the HTTP profile to erase a request header.
Local Traffic ›› Profiles : Services : HTTP ›› http-profile ›› Request Header Erase
Request Header Erase: Indicates the name of an HTTP request header that the BIG-IP system removes from the client request. Only one header can be removed per pool, unless you are using LTM Policies or iRules.
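iRule:
when HTTP_REQUEST {
    # Remove the Origin header from every client request
    HTTP::header remove "Origin"
}
uri based:
when HTTP_REQUEST {
    # Remove the Origin header only for the APEX AJAX endpoint
    if { [string tolower [HTTP::uri]] equals "/apex_extprd/wwv_flow.ajax" } {
        HTTP::header remove "Origin"
    }
}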
- RichardDumagNimbostratus
Hi Enes. Thank you for the quick response and information. The request header erase seems to have resolved our issue.
Richard
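Removing Origin from every request also means the backend can no longer tell a same-origin request from a cross-site one, so a narrower variant checks the header on the BIG-IP before dropping it. The iRule below is an added example, not code from the thread; it assumes clients reach the virtual server over HTTPS on the default port, and it reuses the path from the request shown in the question.

```tcl
# Added example, not from the thread: validate Origin before hiding it from the backend.
when HTTP_REQUEST {
    # Path taken from the request in the question. HTTP::path excludes the
    # query string, so the match still holds if parameters are appended.
    if { [string tolower [HTTP::path]] ne "/apex_extprd/wwv_flow.ajax" } {
        return
    }

    # Nothing to do when the client sent no Origin header.
    if { ![HTTP::header exists "Origin"] } {
        return
    }

    set origin [string tolower [HTTP::header value "Origin"]]

    # Assumption: HTTPS on the default port, so a same-origin request
    # carries "Origin: https://<Host>" with no explicit port.
    set expected "https://[string tolower [HTTP::host]]"

    if { $origin eq $expected } {
        # Same-origin request: remove the header so the backend accepts it.
        HTTP::header remove "Origin"
    } else {
        # Cross-origin request: log it and answer at the proxy instead of
        # forwarding it with the Origin evidence stripped.
        log local0.warning "Origin mismatch from [IP::client_addr]: origin=$origin host=[HTTP::host] path=[HTTP::path]"
        HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
    }
}
```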