F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Vinne73's avatar
Vinne73
Icon for Cirrus rankCirrus
Dec 04, 2014

Problem with detecting form: why use headers on HTTP_REQUEST, and not on HTTP_RESPONSE

Hi,

 

I'm trying to recognise/detect a login form on the back-end application. There is no unique login URI and sometimes the client has a cookie while the back-end asks to log in again.

 

I have found that the back-end application supplies a HTTP header with the response ("RespondingWithSignonPage"), indicating that a login is required.

 

Now, I want to enter this into my Form - Client Initiated, Form Detection. I select Header, enter "RespondingWithSignonPage". It doesn't work. Then I read the documentation, and it appears that this relates to headers sent by the client (HTTP_REQUEST), not during the response.

 

Is my assumption correct? Why would it be like that? How can I detect a form based on the cookies and headers of the client? Seems like they got it reversed?

 

Thank you Vincent

 

BIG-IP Access Policy Manager (APM)
deployment
security

2 Replies

  • Belanger__Yves's avatar
    Belanger__Yves
    Icon for Altostratus rankAltostratus
    Aug 01, 2016

    Hi,

     

    I think I found a simpler solution. I use the advance option request negative for the session cookie.

     

    Thanks Yves