CORS control with ASM

Question

Hi All,&nbsp;Good day.  I have a few questions need your expert advice:&nbsp;i have a F5 NLB that host a virtual server as an reverse proxy in the web tier of my 3 tier system. My actual website hosted in my App tier using IIS 8.5, with CORS ext. installed and configured. However, recent VA scan on my system shows that my system did not restrict the CORS properly and allow "access-control-allow-origin" to any hosts. &nbsp;Now, i understand that F5 has an ASM module to enforce security on URLs like CORS but unfortunately my infra team did not purchase the license for this module. May i know, without ASM, does it mean the F5 will overwrite my website response header despite my IIS had restricted the origin?&nbsp;&nbsp;thank you!

cjunior · Answer

Hi,I didn't quite understand the question.Anyway, BIG-IP shouldn't remove headers sent from client and server, when you won't need to do that.Regards.&nbsp;

Forum Discussion

CORS control with ASM

1 Reply

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

CORS implementation

JWT authorization with NGINX Ingress Controller

Distributed caching of authentication requests with NGINX Ingress Controller

ExternalName Service and Authentication Subrequests with NGINX Ingress Controller

Use F5 Distributed Cloud to control Primary and Secondary DNS