10-Jun-2022 07:17
Hello,
Anyone knows how if equivalent of "ACCESS::disable" is possible on "OAuth-Resource Server" apm policy?
At the end I want to allow pre-flight CORS calls to bypass the apm. I tried this irule but seems to not be working with F5 as "oauth RS", I still get response "HTTP/1.1 400 Bad Request" because of auth failed.
Thanks
Alexandre.
when HTTP_REQUEST {
if {([HTTP::method] eq "OPTIONS") &&
[HTTP::header exists "Access-Control-Request-Method"] &&
[HTTP::header exists "Access-Control-Request-Headers"] &&
[HTTP::header exists "Origin"] &&
[HTTP::header Origin] ends_with "XXXXXXXXXXX" } {
#log local0. "Disable apm - [HTTP::method] - [HTTP::host][HTTP::uri]"
ACCESS::disable
}
}