Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Roflcopter's avatar
Roflcopter
Icon for Nimbostratus rankNimbostratus
Feb 11, 2018

Content-Security-Policy

I am trying to construct and iRule that will put a variable into a HTTP Header. The requirements are - When a client connects set their HTTP:host as a variable for later use Check that the HTTP...
irules
LTM
security
oguzy_191375's avatar
oguzy_191375
Icon for Nimbostratus rankNimbostratus
Feb 12, 2018

Hi,

 

The code stated below may work. Can you try it?

 

    when CLIENT_ACCEPTED {
        set host_exist 0
    }   

    when HTTP_REQUEST {
       set host [HTTP::host]
       if { [class match $host contains host_lookup_table] } {
          set host_exist 1        
       }
    } 

    when HTTP_RESPONSE {
       if { $host_exist equals 1 } {
           HTTP::header insert "X-Content-Security-Policy" "frame-ancestors 'self' $host"
           HTTP::header insert "X-Content-Security-Policy" "frame-scr 'self' '$host'"
       }
       else {
           HTTP::header insert "X-Content-Security-Policy" "frame-ancestors 'self'"
           HTTP::header insert "X-Content-Security-Policy" "frame-scr 'self'"
       }
    }
Roflcopter's avatar
Roflcopter
Icon for Nimbostratus rankNimbostratus
Feb 12, 2018

Thanks a lot. Looks like it would work, I like the way you used a second variable that can be used when making the decision on what to send back to the client, so nice and simple!

 

I'll give it a test run tomorrow, thanks for taking the time to post a response!