Forum Discussion

Nimbostratus

Sep 17, 2025

Portal Access Application URI - ERR_EMPTY_RESPONSE

Scenario: Remote users need to access an externally hosted website that is whitelisted to my company's internal IP. Setup: Public facing webtop with resource assignment for a Portal Access Applica...

application delivery

Injeyan_Kostas

Nacreous

Sep 19, 2025

You could override X-Frame-Options or even Content-Security-Policy with an irule like this

when HTTP_REQUEST 
{
    switch [HTTP::host]
    {
        "portal.example.com"
        {
            switch -glob [HTTP::path]
            {
                "/f5-w-<YOUR_APP_HEX>$$/*"
                {
                    set iframe_allow
                }
            }
        }
        default
        {
            drop
        }
    }
}

when HTTP_RESPONSE_RELEASE
{
    if {[info exists iframe_allow])}
    {
		if {([HTTP::header exists "X-Frame-Options"])}
		{
			HTTP::header remove "X-Frame-Options"
		}
		if {([HTTP::header exists "Content-Security-Policy"])}
		{
			set csp [HTTP::header "Content-Security-Policy"]
			append csp " frame-src https://your_target_url;"
			HTTP::header replace "Content-Security-Policy" $csp
		}
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)