mf5
Dec 10, 2018 | Nimbostratus
Remove authorization header
Hello guys,
We have an application using APM+LTM WebSSO with basic HTTP authentication. We want to remove the HTTP Authorization header after the first logon.
Thank You
Hi,
You would expect that after basic succeeds, the server sets a session cookie to authenticate subsequent requests.
Basic auth is just a header
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
so you could check for the existence of a session cookie and then
HTTP::header remove "Authorization"
https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx
It does seem to be an odd thing to do since the browser should not send "Authorization" unless asked by the server sending
WWW-Authenticate
https://en.wikipedia.org/wiki/Basic_access_authentication
So I think you will break things.
-John
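
The approach from the reply above, written out as an iRule. This is an added example, not code posted in the thread, and the cookie name `APPSESSIONID` is an assumed placeholder for whatever session cookie the application sets. The `HTTP_RESPONSE` block logs the case where the server still answers 401 after the header was stripped, which is the breakage the reply warns about.

```tcl
when RULE_INIT {
    # Assumed name of the application's session cookie (placeholder, adjust to the app).
    set static::app_cookie "APPSESSIONID"
}

when HTTP_REQUEST {
    # Tracks whether this request had its Authorization header removed.
    set auth_stripped 0

    # Strip only once the client presents a non-empty session cookie,
    # i.e. after the first logon has completed.
    if { [HTTP::cookie exists $static::app_cookie] &&
         [HTTP::cookie value $static::app_cookie] ne "" } {
        if { [HTTP::header exists "Authorization"] } {
            HTTP::header remove "Authorization"
            set auth_stripped 1
        }
    }
}

when HTTP_RESPONSE {
    # A 401 after stripping means the server expects Basic credentials on
    # every request and the session cookie alone is not sufficient.
    # The log line records the client address only, never the credentials.
    if { $auth_stripped && [HTTP::status] == 401 } {
        log local0.warning "Authorization stripped but server returned 401 to [IP::client_addr]"
    }
}
```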