Forum Discussion

RichardDumag's avatar
RichardDumag
Icon for Nimbostratus rankNimbostratus
Aug 16, 2021

iRules for 403 forbidden error

Is it possible to create an iRule to remove a specific post request header information to avoid the 403 forbidden error that is generated from an Oracle Apex application? For example the Origin ...
application delivery
ASM Advanced WAF
LTM
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Aug 17, 2021

    Hi RichardDumag,

    You can customize http profile for erase a request header.

    Local Traffic  ››  Profiles : Services : HTTP ›› http-profile ››  Request Header Erase

    Request Header Erase: Indicates the name of an HTTP request header that the BIG-IP system removes from the client request. Only one header can be removed per pool, unless you are using LTM Policies or iRules.

    iRule:

    when HTTP_REQUEST {
	HTTP::header remove "Origin"
}

    uri based:

    when HTTP_REQUEST {
	if { [string tolower [HTTP::uri]] equals "/apex_extprd/wwv_flow.ajax" } {
		HTTP::header remove "Origin"
	}
}
RichardDumag's avatar
RichardDumag
Icon for Nimbostratus rankNimbostratus
Aug 17, 2021

Hi Enes. Thank you for the quick response and information. The request header erase seem to have resolved our issue.

 

Richard