Forum Discussion
HTTP header X-XSS-Protection, X-Content-Type-Options issue
I am trying to insert the HTTP header X-XSS-Protection, X-Content-Type-Options in order to mitigate a security vunerability. I have found an irule solution, but when I implemented the solution, a code error appears.Can anyone share the correct syntax for this please? when HTTP_RESPONSE {
if { !([ HTTP::header exists "X-Content-Type-Options“ ])} { HTTP::header insert "X-Content-Type-Options" "'nosniff'" }
if { !([ HTTP::header exists "X-XSS-Protection“ ])} { HTTP::header insert "X-XSS-Protection" "1; mode=block" } }
01070151:3: Rule [/OHSBC/Ohsbc] error: /OHSBC/Ohsbc:17: error: [parse error: PARSE missingQuote 515 {missing "}][{ !([ HTTP::header exists "X-Content-Type-Options“ ])}] /OHSBC/Ohsbc:18: error: [parse error: PARSE missingQuote 645 {missing "}][{ !([ HTTP::header exists "X-XSS-Protection“ ])}]
- Lee_SutcliffeNacreous
You had an incorrect quotation mark at the end of your header type in the IF statement. This was preventing the close braces from working correctly.
I've corrected the code:
when HTTP_RESPONSE { if {!([HTTP::header exists "X-Content-Type-Options" ])} { HTTP::header insert "X-Content-Type-Options" "'nosniff'" } if {!([ HTTP::header exists "X-XSS-Protection"])} { HTTP::header insert "X-XSS-Protection" "1; mode=block" } }
- Jad_Tabbara__J1Cirrostratus
Hey
I've only corrected you syntax
when HTTP_RESPONSE { if { ! [HTTP::header exists "X-Content-Type-Options"] } { HTTP::header insert "X-Content-Type-Options" "'nosniff'" } if { ! [HTTP::header exists "X-XSS-Protection"] } { HTTP::header insert "X-XSS-Protection" "1; mode=block" } }
Now you should be able to create it.
Please give me a feedback
Regards
- FjordanNimbostratus
How can we verify that the iRule for XSS protection works? is there a command to verify the iRule works or a way to test it ?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com