For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Aug 16, 2021

Solved

iRules for 403 forbidden error

Is it possible to create an iRule to remove a specific post request header information to avoid the 403 forbidden error that is generated from an Oracle Apex application? For example the Origin ...

application delivery

ASM Advanced WAF

Enes_Afsin_Al
Aug 17, 2021
Hi RichardDumag,
You can customize http profile for erase a request header.
Local Traffic ›› Profiles : Services : HTTP ›› http-profile ›› Request Header Erase
Request Header Erase: Indicates the name of an HTTP request header that the BIG-IP system removes from the client request. Only one header can be removed per pool, unless you are using LTM Policies or iRules.
iRule:
when HTTP_REQUEST { HTTP::header remove "Origin" }
uri based:
when HTTP_REQUEST { if { [string tolower [HTTP::uri]] equals "/apex_extprd/wwv_flow.ajax" } { HTTP::header remove "Origin" } }

Icon for Nimbostratus rank

Nimbostratus

Aug 17, 2021

Hi Enes. Thank you for the quick response and information. The request header erase seem to have resolved our issue.

Richard

Security Best Practices for F5 Products

Technical Articles

F5 AppWorld 2026 Registration - early bird pricing.

DevCentral News

Kostas Injeyan - October 2025 Featured Member

DevCentral News

featured member

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5