Remove authorization header

Question

Hello guys, &nbsp;
we have an application using APM+LTM websso with basic http authentication, we want to remove http authorization header after the first logon.&nbsp;
Thank You&nbsp;

john_huttley · Answer

Hi,&nbsp;
You would expect that after basic succeeds, the server sets a session cookie to authenticate subsequent requests.&nbsp;
Basic auth is just a header&nbsp;
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l &nbsp;
so you could check for the existance of a session cookie and then  
&nbsp;
HTTP::header remove "Authorization"&nbsp;
https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx&nbsp;
It does seem to be an odd thing to do since the browser should not send "Authorization" unless asked by the server sending &nbsp;
WWW-Authenticate&nbsp;
https://en.wikipedia.org/wiki/Basic_access_authentication&nbsp;
So I think you will break things.&nbsp;
-John&nbsp;

Forum Discussion

Remove authorization header

1 Reply

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

JWT authorization with NGINX Ingress Controller

iRule Approach to Mask Authorization Header for Bot Defense Logging – Validation Needed

Even More Hands-On Quantum-Safe PKI: Building Enterprise PQC Certificate Authorities with EJBCA Community Edition

Remove X- Headers From Web Server Response

iRule to Remove Duplicate Header by Value

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS