Strip HTTP Origin header based on its value before hit the ASM

Question

Hi Everyone
Our app using CORS, and it's working normally with correct origin headers:
Origin:  "://"  [ ":"  ]
But also all mobile clients sending Origin header with value 'file://' this causes (Illegal cross-origin request)
POST /xxx/yyy HTTP/1.1
Host: ddd:8001
Connection: keep-alive
Content-Length: 2
Accept: application/json, text/plain, */*
Origin: file://

i want to add iRule to Strip this header Origin: file:// before hit the ASM and allow normal  Origin headers like: Origin: https://xyz.com:8080 Origin: https://xyz.com:8090

kai_wilke · Answer

Hi Mohanad,
use the iRule below to remove every Origin header that starts_with the string file://.
when HTTP_REQUEST {
    if { [HTTP::header value "Origin"] starts_with "file://" } then {
        HTTP::header remove "Origin"
    }
}

Cheers, Kai

Forum Discussion

Strip HTTP Origin header based on its value before hit the ASM

1 Reply

Recent Discussions

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Request POST Header Rewrite of Origin and Referer

logging original header value, before modification by HTTP profile

7 Steps Checklist before upgrading your F5 BIG-IP

Security headers

Change original source IP to random in ASM logs