For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

lossless_186906's avatar
lossless_186906
Icon for Nimbostratus rankNimbostratus
Oct 26, 2018

Insert X-Frame-Options Header using LTM Policy

I am looking to insert X-Frame-Options header usnig LTM Policy instead of iRules (less resource intensive). Has anyone done it and can confirm if the following would work please or can suggest a bett...
LTM
security
lossless_186906's avatar
lossless_186906
Icon for Nimbostratus rankNimbostratus
Nov 29, 2018

Just want to update all that I finally implemented the policy and it works perfectly. Ended up adding X-Frame-Options as well as X-XSS-Protection headers. Below is the code for everyone that is looking to do the same:

 

ltm policy policy_HTTP_Security_Headers {
requires { http }
rules {
    rule_Insert_X-Frame-Options_Header {
        actions {
            0 {
                http-header
                response
                insert
                name X-Frame-Options
                value SAMEORIGIN
            }
        }
        conditions {
            0 {
                http-header
                response
                name X-Frame-Options
                not
                values { SAMEORIGIN }
            }
        }
        ordinal 2
    }
    rule_Insert_X-XSS-Protection_Header {
        actions {
            0 {
                http-header
                response
                insert
                name X-XSS-Protection
                value "1;mode=block"
            }
        }
        conditions {
            0 {
                http-header
                response
                name X-XSS-Protection
                not
                values { "1;mode=block" "1; mode=block" }
            }
        }
        ordinal 1
    }
}
strategy all-match
}

Cheers, L