Forum Discussion

RichardDumag's avatar
RichardDumag
Icon for Nimbostratus rankNimbostratus
Aug 16, 2021

iRules for 403 forbidden error

Is it possible to create an iRule to remove a specific post request header information to avoid the 403 forbidden error that is generated from an Oracle Apex application? For example the Origin ...
application delivery
ASM Advanced WAF
LTM
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Aug 17, 2021

    Hi RichardDumag,

    You can customize http profile for erase a request header.

    Local Traffic  ››  Profiles : Services : HTTP ›› http-profile ››  Request Header Erase

    Request Header Erase: Indicates the name of an HTTP request header that the BIG-IP system removes from the client request. Only one header can be removed per pool, unless you are using LTM Policies or iRules.

    iRule:

    when HTTP_REQUEST {
	HTTP::header remove "Origin"
}

    uri based:

    when HTTP_REQUEST {
	if { [string tolower [HTTP::uri]] equals "/apex_extprd/wwv_flow.ajax" } {
		HTTP::header remove "Origin"
	}
}
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Aug 17, 2021

Hi RichardDumag,

You can customize http profile for erase a request header.

Local Traffic  ››  Profiles : Services : HTTP ›› http-profile ››  Request Header Erase

Request Header Erase: Indicates the name of an HTTP request header that the BIG-IP system removes from the client request. Only one header can be removed per pool, unless you are using LTM Policies or iRules.

iRule:

when HTTP_REQUEST {
	HTTP::header remove "Origin"
}

uri based:

when HTTP_REQUEST {
	if { [string tolower [HTTP::uri]] equals "/apex_extprd/wwv_flow.ajax" } {
		HTTP::header remove "Origin"
	}
}