Login failed because of invalid referer header

Question

I am deploying F5 after Azure Application Gateway:My setup:internet &gt; Azure Application Gateway (http://&lt;Public IP:8443&gt;) &gt; F5 (https://Private IP:8443)I am able to access the F5 default login page through Azure App GW . But, when i put the user and password it is giving below error :"UnauthorizedThis server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required."&nbsp;When i check the console F5 log in tail -f /var/log/httpd/httpd_errors it is giving below error:May 29 13:07:45 localhost.localdomain err httpd[11975]: [f5_auth_cookie:error] [pid 11975] [client x.x.x.x:29516] Login failed because of invalid referer header., referer: http://&lt;PUBLIC&nbsp;IP of APPGW&gt;:8443/tmui/login.jsp1. I am able to login F5 bypassing Application Gateway without any issue.2. I got this article&nbsp;https://my.f5.com/manage/s/article/K81809012&nbsp;and tried multiple value for referer header but no luck.3. I am runinng 17.x version softwareCan someone please help if i am missing something here&nbsp;&nbsp;

srj73 · Answer

Now, I have done few change1. AppGW (port:https [earlier http on 8443]) &gt; F5 (port:https[earlier https on 8443]) (This step is different and New Today)2.&nbsp;Enabled&nbsp;systemauth.permitloginwithoutheaders (yesterday i enabled it during troubleshooting)3. deleted the Refereal Header, (yesterday, i tried this step)&nbsp;then it started giving below error&nbsp;"May 29 17:02:31 localhost.localdomain err httpd[17412]: [auth_pam:error] [pid 17412] [client 10.21.0.4:19958] AUTHCACHE Error processing cookie VKJ4PU96LUgjepNSy1L6HUVOWJNWwr0v7s3C69RO - Cookie impersonation detected from client IP 10.21.0.4 to client IP 10.21.0.6"&nbsp;4. Then as per article&nbsp;https://my.f5.com/manage/s/article/K13048&nbsp;i done the step5. Now, I am able to access the device&nbsp;&nbsp;

enes_afsin_al · Answer

Hi Srj73,
Can you change the service to https on Azure Application Gateway? This warning seems to occur because there is no TLS and referer header contains http.

srj73 · Answer

Now, I changed to HTTPS&nbsp; on AzureGWSame error i am getting:&nbsp;May 29 14:49:31 localhost.localdomain err httpd[3993]: [f5_auth_cookie:error] [pid 3993] [client &lt;private ip&gt;:47018] Login failed because of invalid referer header., referer: https://&lt;Public&nbsp;IP of AZGW&gt;/tmui/login.jsp

enes_afsin_al · Answer

Hi Srj73,
I tested using a different proxy instead of AzureGW.

There was no problem with the default settings.
When I changed the referer header in proxy, I got the same error.

err httpd[28597]: [f5_auth_cookie:error] [pid 28597] [client 172.22.101.205:41795] Login failed because of invalid referer header., referer: https://172.22.199.1/tmui/logmein.html?

When I deleted the referer header in proxy, I got the below error.

err httpd[29765]: [f5_auth_cookie:error] [pid 29765] [client 172.22.101.205:34778] Login is not permitted without a valid referer header or forwarded header when sys db variable systemauth.permitloginwithoutheaders is disabled.
The following method can be applied as a workaround.

Remove Referer header on AzureGW.
Change db parameter.

tmsh modify sys db systemauth.permitloginwithoutheaders value enable

Save config and restart httpd service.

tmsh save sys config
tmsh restart sys service httpd
&nbsp;

leslie_hubertus · Answer

So everything works properly, now?

Forum Discussion

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions