Forum Discussion

Nimbostratus

Apr 03, 2019

APM CSP header insertion - Rewrite profile

Hi all,

I have noticed a strange thing: The APM inserts a CSP header with all the domains that configured in the bypass list in the rewrite profile.

This is the header that inserted by the APM: Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss: jar: data: blob: mediasource: mediastream: https: http://www.femoer.com http://www.shar.com/ http://www.well.net;

I tried to add a the "; domain just for checking and the APM added this domain in the CSP header.

Someone can explain how those two thing are connected ?

application delivery

BIG-IP Access Policy Manager (APM)

No RepliesBe the first to reply

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM CSP header insertion - Rewrite profile

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Security Headers Insertion

Rewriting Redirects

Rewrite profile limit on URI rules

Rewriting iRules...LIVE!

F5 BIG-IP Advanced WAF – DOS profile configuration options.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS