Adding securityheaders

Question

Hello,&nbsp;
I have a situation where there is many websites behind one virtual server and I would need to enable securityheaders.io recommended headers to responses. &nbsp;
Is there any ways to apply header only to one host which is behind the vip. HSTS would propably break something if applied to the VIP from etc. http profile?&nbsp;
And other question is about doing this in the webserver? Is there any reason those headers can't be added in IIS if f5 is doing ssl offloading or briding. Both offloading and bridging are used in same vip through policies. &nbsp;
Any help is much appreciated!&nbsp;
BR &nbsp;
Teemu&nbsp;

lee_sutcliffe · Answer

This can easily be done per server IP on an HTTP response. 
For example:
when HTTP_RESPONSE {
    if {[IP:addr [IP:server_addr] equals 10.10.10.10]} {
    HTTP::header insert header-name header-value
     }
}

stanislas_piro2 · Answer

Hi,&nbsp;
Jason Rahm shared in codeshare section a ready to use irule about security headers insertion in HTTP responses:&nbsp;
https://devcentral.f5.com/codeshare/security-headers-insertion&nbsp;

Forum Discussion

Adding securityheaders

Recent Discussions

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

Related Content

adding pool members in cli

Yubikey Authentication Modes and Azure AD integration via the APM

Multiple AD Authentication

SecurityHeaders

Getting Started with BIG-IP Next: Adding Instances to Central Manager

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS