For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jon_Bartlett_10's avatar
Jon_Bartlett_10
Historic F5 Account
Aug 21, 2015

What happens if you try removing the header instead of a replace? What version of TMOS are you running?

 

when HTTP_RESPONSE_RELEASE {

 

foreach header {Content-Security-Policy} {

 

log local0. "Removing $header: [HTTP::header value $header]"

 

HTTP::header remove $header

 

}

 

}

 

  • Abed_AL-R's avatar
    Abed_AL-R
    Icon for Cirrostratus rankCirrostratus
    Mar 12, 2019

    Hi Jon Bartlett

    I came across this issue today , LTM/APM 12.1.3

    I used this iRule you mentioned and it solved the problem in chrome

    In IE edge or 10 the problem still happening

    The thing with IE is that it does not showing the error message , it is just freezing

    I tried even replacing the irule with this one :

    when HTTP_RESPONSE_RELEASE {
foreach header {X-Content-Security-Policy} 
{ log local0. "Removing $header: [HTTP::header value $header]"
HTTP::header remove $header
}
}

    Didn't help..

    If I try to open the web-application internally , without APM , it is working fine with all browsers

    What could be done here?