Dennis_Lee
Jul 02, 2019Nimbostratus
CORS control with ASM
Hi All,
Good day. I have a few questions need your expert advice:
i have a F5 NLB that host a virtual server as an reverse proxy in the web tier of my 3 tier system. My actual website hosted in my App tier using IIS 8.5, with CORS ext. installed and configured. However, recent VA scan on my system shows that my system did not restrict the CORS properly and allow "access-control-allow-origin" to any hosts.
Now, i understand that F5 has an ASM module to enforce security on URLs like CORS but unfortunately my infra team did not purchase the license for this module. May i know, without ASM, does it mean the F5 will overwrite my website response header despite my IIS had restricted the origin?
thank you!