Preflight request with BIG-IP ASM

Question

I have a Web service endpoint that is behind a BigIP server that requires authentication. Before using the Web service, the client (a browser) user must log in and use the cookies returned by the BigIP server to maintain the authentication in all subsequent queries with the Web service.&nbsp;
This works fine so far except for one annoying thing. &nbsp;
As the underlying Web service endpoint requires custom headers, the browser sends out a preflight request to the server. Unfortunately, the cookies are never sent along with the OPTIONS request - this is by design, the browser does not send any credentials during preflight. The query is thus rejected by the BigIP server. The rest of the process cannot continue because of the failed preflight.&nbsp;
What are the solutions that we could use in order to work around this restriction?&nbsp;

samstep · Answer

This is probably because you don't allow OPTIONS method in your ASM policy. If ASM blocking OPTIONS request breaks the rest of your application flow then OPTIONS must be allowed. &nbsp;

Forum Discussion

Preflight request with BIG-IP ASM

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

Quick Optimizations for F5 BIG-IP Virtual Edition

F5 BIG-IP Bot Defense - Previous Request and Follow Up Request

Getting Started with BIG-IP Next: Upgrading Central Manager

Mitigating new HTTP Request Smuggling techniques with BIG-IP ASM