For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ottleydamian's avatar
ottleydamian
Icon for Cirrus rankCirrus
Aug 17, 2020

Replace X-Frame-Options value

I need help with my syntax because it is not identifying and changing the text/value as expected. The response header in question is: X-FRAME-OPTIONS: ALLOW-FROM https://my.identitymanager.com:84...
ottleydamian's avatar
ottleydamian
Icon for Cirrus rankCirrus
Aug 20, 2020

Unfortunately, neither of these solutions worked. I tried just the remove, to test and that didn't work either. It seems that we are not catching X-Frame-Options, not sure if ALLOW-FROM is considered part of the header. Suggestions? I will keep trying different things

  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for Noctilucent rankNoctilucent
    Aug 21, 2020

    Hello Ottley.

    I suspect that you executing those command in a wrong event.

    My iRule:

    when HTTP_RESPONSE {
    HTTP::header replace X-Frame-Options "ALLOW-FROM https://biz.identitymanager.com:8443"
}

    My F5 response:

    < Date: Fri, 21 Aug 2020 06:09:59 GMT
< Server: Apache/2.2.15 (CentOS)
< X-Powered-By: PHP/5.3.3
< Content-Length: 7830
< Connection: close
< Content-Type: text/html; charset=UTF-8
< X-Frame-Options: ALLOW-FROM https://biz.identitymanager.com:8443

    Regards,

    Dario.