Forum Discussion
So by what you are saying, my variable would have different values each based on the specific session?
About your question on ASM and the policy, I wish :) It's a corporate standard applied on all ASM and they don't want to deviate for particular cases :/ That would be too simple.
Thanks again.
Yes, that is correct. Unless you specifically make a variable global/static, it will not be shared accross sessions.
One additional idea: You could disable the violation via iRule, if the ASM policy has ASM iRule events enabled. See here: https://support.f5.com/csp/article/K15573541
Not sure if that would necessarily be "better", I just have an aversion against rewriting requests/responses.
PS: One more thing regarding your initial idea. Server response doesn't typically include a host header. I don't think that header replace statement will ever do anything.
If the server response has fully qualified links which are based on the request host header, you may have to rewrite those links in the response content (which could be difficult).