Forum Discussion
hooleylist
Dec 12, 2008Cirrostratus
Hi Giuseppe,
The HTTP profile configuration for adding/removing headers is performed before HTTP_REQUEST is triggered. The auth header is read in default HTTP_REQUEST event (priority 500). So that's why the profile option to remove the auth header would prevent the authorization from working.
You can use an iRule with a priority (Click here) set to greater than the default of 500 to remove the auth header after the auth iRule uses it:
when HTTP_REQUEST priority 501 {
Remove the Authorization header after the system authorization iRule runs (at priority 500)
if {[HTTP::header exists Authorization]}{
HTTP::header remove Authorization
}
}
Aaron