Forum Discussion
iRule creation for HTTP headers using data groups
Hi All
Need your help to create an iRule to permit the following HTTP headers and drop all (x-) others. Need to work this through by creating a data group for the below headers so that we don't have to disturb the iRule every time. Your speedy response would be appreciated.

X-XSS-Protection
X-Content-Type-Options
x-frame-options
=====================================================
    when HTTP_RESPONSE {
        # Remove all instances of the Server header
        HTTP::header remove Server

        # Remove all headers starting with x- (i.e. X-Powered-By, X-AspNet-Version, X-AspNetMvc-Version)
        foreach header_name [HTTP::header names] {
            if {[string match -nocase x-* $header_name]} {
                # This header needs to be allowed to mitigate clickjacking
                if {[string match -nocase x-frame-options $header_name]} {
                    continue;
                }
                HTTP::header remove $header_name
            }
        }
    }
- VernonWells
Employee
Not tested, but this should be close.
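    when HTTP_REQUEST {
        foreach hn [HTTP::header names] {
            # Only headers whose name starts with x- or X- are considered
            if { $hn starts_with "x-" or $hn starts_with "X-" } {
                # Remove the header unless its name is in the data group
                if { ![class match $hn equals my-data-group] } {
                    HTTP::header remove $hn
                }
            }
        }
    }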
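
A response-side version that combines the two posts, as an added example that is not part of the original thread: it keeps the Server removal from the question, uses the data-group lookup from the reply, and lowercases each header name before the lookup, since header names are case-insensitive while a string data-group match is case-sensitive. The data group name x_header_allowlist and its lowercase records are assumptions.

```tcl
# Added example, not code from the thread.
# Assumes a string data group named x_header_allowlist (hypothetical name)
# whose records are the lowercase names of the X- headers to keep:
#   x-xss-protection, x-content-type-options, x-frame-options
when HTTP_RESPONSE {
    # Remove all instances of the Server header, as in the question's rule
    HTTP::header remove Server

    # A header that occurs several times is listed several times,
    # so de-duplicate the names before walking them
    foreach header_name [lsort -unique [HTTP::header names]] {
        # Normalise case so the check and the lookup treat
        # X-Frame-Options and x-frame-options the same way
        set lname [string tolower $header_name]

        # Only X- headers are candidates for removal
        if { !($lname starts_with "x-") } {
            continue
        }

        # Keep the header when its lowercase name is a record in the data group
        if { [class match $lname equals x_header_allowlist] } {
            continue
        }

        # Not on the allowlist: remove every instance of this header
        HTTP::header remove $header_name
    }
}
```

Allowing another X- header is then a change to the data group records only, with the iRule left untouched.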