Change Cache Control Header on APM Policy

Question

Greetings,&nbsp;Our application security team is requesting that we update the cache-control header on our login page for that uses an APM policy.  Essentially, they are looking for the cache-control header to read as "no-cache, no-store, max-age=0" on the abc.com/my.policy page.  I have attempted to do an iRule to replace the cache-control header as shown below:&nbsp;when CLIENT_ACCEPTED {	ACCESS::restrict_irule_events disable}&nbsp;&nbsp;when HTTP_RESPONSE {&nbsp;&nbsp;HTTP::header replace "Cache-control" "no-cache, no-store, max-age=0"}&nbsp;But this iRule ends up adding a duplicate Cache-control header, one that states "no-cache, no-store, max-age=0" and the original that states "no-cache, must-revalidate."&nbsp;I have also tried going into the Advanced Customization of the APM policy and tried to edit the &lt;meta http-equiv="cache-control" content="no-cache"&gt; in the code to what I need it to be, but every time I make the change and save draft, it reverts back to original statement.&nbsp;Can someone please assist on this issue?  Thank you.

iaine · Answer

Hi&nbsp;Try moving your HTTP::header command to HTTP_RESPONSE_RELEASE so that it gets amended just before being sent

daniela0501 · Answer

Thank you, this worked.

Forum Discussion

Change Cache Control Header on APM Policy

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Distributed caching of authentication requests with NGINX Ingress Controller

ExternalName Service and Authentication Subrequests with NGINX Ingress Controller

Overview of API Access Control and implementing API key access control with BIG-IP APM

Using BIG-IP Kubernetes Gateway API Controller

Fixup Cache Control Headers