Forum Discussion
visual2008_3086
Nimbostratus
NimbostratusHTTP header X-XSS-Protection, X-Content-Type-Options issue
I am trying to insert the HTTP header X-XSS-Protection, X-Content-Type-Options in order to mitigate a security vunerability. I have found an irule solution, but when I implemented the solution, a code error appears.Can anyone share the correct syntax for this please? when HTTP_RESPONSE {
if { !([ HTTP::header exists "X-Content-Type-Options“ ])} { HTTP::header insert "X-Content-Type-Options" "'nosniff'" }
if { !([ HTTP::header exists "X-XSS-Protection“ ])} { HTTP::header insert "X-XSS-Protection" "1; mode=block" } }
01070151:3: Rule [/OHSBC/Ohsbc] error: /OHSBC/Ohsbc:17: error: [parse error: PARSE missingQuote 515 {missing "}][{ !([ HTTP::header exists "X-Content-Type-Options“ ])}] /OHSBC/Ohsbc:18: error: [parse error: PARSE missingQuote 645 {missing "}][{ !([ HTTP::header exists "X-XSS-Protection“ ])}]
Lee_SutcliffeNacreous
You had an incorrect quotation mark at the end of your header type in the IF statement. This was preventing the close braces from working correctly.
I've corrected the code:
when HTTP_RESPONSE { if {!([HTTP::header exists "X-Content-Type-Options" ])} { HTTP::header insert "X-Content-Type-Options" "'nosniff'" } if {!([ HTTP::header exists "X-XSS-Protection"])} { HTTP::header insert "X-XSS-Protection" "1; mode=block" } }
Jad_Tabbara__J1Cirrostratus
Hey
I've only corrected you syntax
when HTTP_RESPONSE { if { ! [HTTP::header exists "X-Content-Type-Options"] } { HTTP::header insert "X-Content-Type-Options" "'nosniff'" } if { ! [HTTP::header exists "X-XSS-Protection"] } { HTTP::header insert "X-XSS-Protection" "1; mode=block" } }Now you should be able to create it.
Please give me a feedback
Regards
FjordanHow can we verify that the iRule for XSS protection works? is there a command to verify the iRule works or a way to test it ?