Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

Removing x-frame-options header from response when using APM

Go to solution
kimhenriksen
Cirrostratus
Cirrostratus

‎16-Jun-2023 05:41

Hey everyone!

We have an application that uses iframe to load another site that´s apm protected, but the default x-frame-options deny blocks this. Anyone have any ideas on how to bypass this (withouth globally disabling this feature)?

I´ve tried several irules at different events to remove the header, but without any progress..

 

Labels:
0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
Juergen_Mang
MVP
MVP

‎19-Jun-2023 06:12

This should do the trick.

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

when HTTP_RESPONSE_RELEASE {
    HTTP::header remove "x-frame-options"
}

 

View solution in original post

Go to solution
Juergen_Mang
MVP
MVP
In response to kimhenriksen

‎20-Jun-2023 23:03

The apm policy fires always if it is attached to the vs, unless you add an ACCESS::disable anywhere.

Why ACCESS::restrict_irule_events is required: https://clouddocs.f5.com/api/irules/ACCESS__restrict_irule_events.html

 

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
Juergen_Mang
MVP
MVP

‎19-Jun-2023 06:12

This should do the trick.

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

when HTTP_RESPONSE_RELEASE {
    HTTP::header remove "x-frame-options"
}

 

Go to solution
kimhenriksen
Cirrostratus
Cirrostratus
In response to Juergen_Mang

‎19-Jun-2023 06:32

Will give it a try, just have to wait for the user to test again 🙂

0 Kudos

Go to solution
kimhenriksen
Cirrostratus
Cirrostratus
In response to Juergen_Mang

‎20-Jun-2023 07:30

That´s a negative on that, your irule was almost identical to mine .. except for the first event. But what i added that, the apm policy doesnt fire at all... When i access the vip there is nothing.

0 Kudos

Go to solution
Juergen_Mang
MVP
MVP
In response to kimhenriksen

‎20-Jun-2023 23:03

The apm policy fires always if it is attached to the vs, unless you add an ACCESS::disable anywhere.

Why ACCESS::restrict_irule_events is required: https://clouddocs.f5.com/api/irules/ACCESS__restrict_irule_events.html

 

0 Kudos

Go to solution
kimhenriksen
Cirrostratus
Cirrostratus
In response to Juergen_Mang

‎28-Jun-2023 01:56

Yes, we had some other issues.. and they just appeared at the same time. The first part was what i was missing, so this will not be forgotten in the future.

 

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

 

0 Kudos
Copyright © 2023 Khoros, LLC