For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ravi44's avatar
Ravi44
Icon for Nimbostratus rankNimbostratus
Oct 07, 2021

datagroup in the content security policy

Hi,

 

We have a functional irule with the following csp:

 

when HTTP_RESPONSE {

 

 if { [HTTP::header X-AH-Environment] contains "dev" }

   {

                HTTP::header insert "Content-Security-Policy" "media-src https://abc.com https://xyz.com blob: *"

                HTTP::header insert "X-XSS-Protection" "1; mode=block"

                HTTP::header insert "X-Content-Type-Options" "nosniff"

                HTTP::header insert "Strict-Transport-Security" "max-age=31536000; includeSubDomains"

   }

 

We would like to use a data group in the media-src to add more client urls in future.

Is there a way I can define a variable to point to the data group and invoke $variable in the csp?

 

 

Thanks,

 

Ravi

iRules
LTM
security

2 Replies

  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Oct 07, 2021

    Hi Ravi,

    HTTP::header insert "Content-Security-Policy" "media-src [class names datagroup-name] blob: *"
  • Ravi44's avatar
    Ravi44
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2021

    Hi Enes,

     

    It worked!! Thanks a lot for the simple fix.

     

    Regards,

     

    Ravi.