Forum Discussion
Content-Security-Policy
Hi,
The code stated below may work. Can you try it?
when CLIENT_ACCEPTED {
    set host_exist 0
}
when HTTP_REQUEST {
    # Reset per request so a keep-alive connection does not reuse an earlier match
    set host_exist 0
    set host [HTTP::host]
    if { [class match $host contains host_lookup_table] } {
        set host_exist 1
    }
}
when HTTP_RESPONSE {
    if { $host_exist equals 1 } {
        # Host sources are written unquoted; only keywords such as 'self' take quotes
        HTTP::header insert "X-Content-Security-Policy" "frame-ancestors 'self' $host"
        HTTP::header insert "X-Content-Security-Policy" "frame-src 'self' $host"
    } else {
        # Tcl requires "else" on the same line as the closing brace of the "if" body
        HTTP::header insert "X-Content-Security-Policy" "frame-ancestors 'self'"
        HTTP::header insert "X-Content-Security-Policy" "frame-src 'self'"
    }
}
Had to add a bit more functionality to the rule. Turned out that the site actually had other sites framed within it, so this meant that the original host captured wasn't enough. We also had to return the framed site.
So using a datagroup we could make a key pair using a string and a value, for example host1.com = host2.com.
Then in the iRule we capture the HTTP::host in the HTTP_REQUEST, set it as the variable $host, then look that variable up in the datagroup and return its value as the variable $value.
Then $value can be used in the HTTP_RESPONSE:
when HTTP_REQUEST {
    # Initialise per request; otherwise $host_exist is undefined for unlisted hosts
    set host_exist 0
    set host [HTTP::host]
    # Use the same exact-match operator for the test and the value lookup
    if { [class match $host equals content-security] } {
        set host_exist 1
        set value [class match -value $host equals content-security]
    }
}
when HTTP_RESPONSE {
    if { $host_exist equals 1 } {
        # Host sources are written unquoted; only keywords such as 'self' take quotes
        HTTP::header insert "Content-Security-Policy" "frame-ancestors 'self' $value"
        HTTP::header insert "X-Content-Security-Policy" "frame-src 'self' $value"
    } else {
        HTTP::header insert "Content-Security-Policy" "frame-ancestors 'self'"
        HTTP::header insert "X-Content-Security-Policy" "frame-src 'self'"
    }
}
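As an added example (not code from the thread), this Python check can be run over the header values an iRule like the ones above emits, to catch a misspelled directive, a quoted host source, or a legacy header name before relying on the policy. The directive list is a subset of CSP Level 3, and the sample header values are constructed from the thread's host1.com = host2.com example.

```python
import re

# Subset of CSP Level 3 directive names, enough to catch misspellings.
KNOWN_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "connect-src",
    "font-src", "object-src", "media-src", "frame-src", "child-src",
    "worker-src", "manifest-src", "base-uri", "form-action",
    "frame-ancestors", "sandbox", "report-uri", "report-to",
}
# Single-quoted tokens are reserved for keywords, nonces and hashes.
QUOTED_OK = re.compile(
    r"^'(self|none|unsafe-inline|unsafe-eval|unsafe-hashes|strict-dynamic|"
    r"report-sample|wasm-unsafe-eval|nonce-[A-Za-z0-9+/_=-]+|"
    r"sha(256|384|512)-[A-Za-z0-9+/_=-]+)'$"
)
# Pre-standard header names that current browsers no longer honour.
LEGACY_HEADERS = {"x-content-security-policy", "x-webkit-csp"}


def lint_csp(header_name, value):
    """Return a list of findings for one CSP response header."""
    findings = []
    if header_name.lower() in LEGACY_HEADERS:
        findings.append(f"{header_name}: legacy header name")
    for directive in value.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        if name not in KNOWN_DIRECTIVES:
            findings.append(f"unknown directive '{name}'")
        for src in sources:
            if src.startswith("'") and not QUOTED_OK.match(src):
                findings.append(f"{name}: {src} is quoted but is not a keyword")
    return findings


# Constructed sample: header values as a response might carry them.
SAMPLE = [
    ("Content-Security-Policy", "frame-ancestors 'self' host2.com"),
    ("X-Content-Security-Policy", "frame-scr 'self' 'host2.com'"),
]

if __name__ == "__main__":
    for header, policy in SAMPLE:
        print(header, "->", lint_csp(header, policy) or "ok")
```

A browser silently ignores an unknown directive or an invalid source expression, so a policy with either problem enforces less than it appears to.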