Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

MTeeBelgium_646's avatar
MTeeBelgium_646
Icon for Nimbostratus rankNimbostratus
10 years ago

Rewrite header "WWW-Authenticate: Basic realm="

I have a VS with a LDAP authentication profile. Because it is an app communicating with backend we want to surpress the authentication pop-ups the browser gives you when you hit a 401. We were thinki...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
10 years ago

What I'm saying though is that the browser will most likely not handle this non-standard 401 the way you're expecting. As a test, try this on a simple VIP:

when HTTP_REQUEST { 
    if { not ( [HTTP::header exists Authorization] ) } {
        HTTP::respond 401 WWW-Authenticate "Xbasic realm=\"TEST\""
    }
}

What does the browser do? In all of my testing the browser does absolutely nothing. It just stalls.

So if there's no authentication on the backend, and apparently no authentication on the frontend, what are you trying to do?