Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrostratus rankCirrostratus
Jun 16, 2023
Solved

Removing x-frame-options header from response when using APM

Hey everyone! We have an application that uses iframe to load another site that´s apm protected, but the default x-frame-options deny blocks this. Anyone have any ideas on how to bypass this (withou...
application delivery
BIG-IP Access Policy Manager (APM)
headers
security
  • Juergen_Mang's avatar
    Juergen_Mang
    Jun 19, 2023

    This should do the trick.

    when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

when HTTP_RESPONSE_RELEASE {
    HTTP::header remove "x-frame-options"
}

     

Juergen_Mang's avatar
Juergen_Mang
Icon for MVP rankMVP
Jun 19, 2023

This should do the trick.

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

when HTTP_RESPONSE_RELEASE {
    HTTP::header remove "x-frame-options"
}

 

  • kimhenriksen's avatar
    kimhenriksen
    Icon for Cirrostratus rankCirrostratus
    Jun 19, 2023

    Will give it a try, just have to wait for the user to test again 🙂

  • kimhenriksen's avatar
    kimhenriksen
    Icon for Cirrostratus rankCirrostratus
    Jun 20, 2023

    That´s a negative on that, your irule was almost identical to mine .. except for the first event. But what i added that, the apm policy doesnt fire at all... When i access the vip there is nothing.

      • kimhenriksen's avatar
        kimhenriksen
        Icon for Cirrostratus rankCirrostratus
        Jun 28, 2023

        Yes, we had some other issues.. and they just appeared at the same time. The first part was what i was missing, so this will not be forgotten in the future.

         

        when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}