Last Modified: Jan 29, 2026
Affected Product(s):
BIG-IP APM, ASM
Fixed In:
12.0.0
Opened: Dec 19, 2013 Severity: 3-Major Related Article:
K15447
With APM and ASM configured, the http "username" will always be inserted on the client-side of the proxy, and removed on the server-side. Any existing "username" headers will be removed in this process.
Customers cannot use their own "username" headers.
APM and ASM configured
when ACCESS_ACL_ALLOWED { set myusername [HTTP::header username] } when HTTP_REQUEST_RELEASE { if { [info exists myusername] } { HTTP::header replace username $myusername } }
None