Forum Discussion

irshad's avatar
irshad
Icon for Nimbostratus rankNimbostratus
Sep 09, 2019

Inserting Iframe in Header for one of URL

Dear Community,

 

We have a VIP on which 15 URLs are terminated, now the request is to allow iFrame headers in one of URL. Please suggest how we can add on one URL.

 

Need to apply iFrame iRuel for header insertion on URL: utilesourcedev.test.com

 

Existing iRULE:

when CLIENT_ACCEPTED {

#If http is detected, disable the Clientside Profile

#This is needed because the SSL Profile is configured as enabled by default on the VIP

if { [TCP::local_port] == 80 }{

SSL::disable clientside

}

#If https is detected, enable the Clientside Profile (Enabled by Default)

if { [TCP::local_port] == 443 }{

SSL::enable clientside

}

}

 

when SERVER_CONNECTED {

if { [TCP::server_port] == 80 }{

SSL::disable serverside

}

}

 

when HTTP_REQUEST {

if {([TCP::local_port] == 80) and ([string tolower [HTTP::host]] != "utilities.test.com") and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/msaqd.cfm")) and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/proddata.cfm")) and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/msaq.cfm"))}{

HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]

return

}

 

switch -glob [string tolower [HTTP::host]] {

"utilesource.test.com" {

node 1.1.1.1:443

}

"utilesourcedev.test.com" {

node 1.1.1.2:443

}

"utlmfprd01.test.com" {

#Might need to put an exclusion for the http redirect for this site.

SSL::disable serverside

node 1.1.1.3:80

}

"access360.test.com" {

node 1.1.1.4:443}

"wsecomm.test.com" {

node 1.1.1.5:443}

"amisvcs.test.com" {

SSL::disable serverside

node 1.1.1.6:8080

}

"qual-amisvcs.test.com" {

SSL::disable serverside

node 1.1.1.7:8084

}

"amisvcs-i.test.com" {

SSL::disable serverside

node 1.1.1.8:8081

}

}

}

 

iFrame Header Insertion iRule:

 

when HTTP_RESPONSE {

if { not([HTTP::header exists "X-Frame-Options"])}{

HTTP::header insert X-Frame-Options {ALLOW-FROM https://s1-2.ariba.com}

} else {

HTTP::header replace X-Frame-Options {ALLOW-FROM https://s1-2.ariba.com}

 } 

}

  • Hi

     

    You could edit your HTTP_REQ logic so that you create a variable for utilesourcedev.test.com like this

     

    utilesourcedev.test.com

    "utilesourcedev.test.com" {

    node 1.1.1.2:443

    set xframe 1

    }

     

    Then, on the HTTP_RESP look for the presence of this variable and if it exists, insert the xframe headers

     

    when HTTP_RESPONSE {

    if {[info exists xframe]}{

    if { not([HTTP::header exists "X-Frame-Options"])}{

    HTTP::header insert X-Frame-Options {ALLOW-FROM https://s1-2.ariba.com}

    } else {

    HTTP::header replace X-Frame-Options {ALLOW-FROM https://s1-2.ariba.com}

    }

     } 

    }

    • irshad's avatar
      irshad
      Icon for Nimbostratus rankNimbostratus

      Hi Iaine,

       

      Thanks for the suggestion, So finally the iRules looks below right or any modification required.

       

      Please review once.

       

      when CLIENT_ACCEPTED {

      #If http is detected, disable the Clientside Profile

      #This is needed because the SSL Profile is configured as enabled by default on the VIP

      if { [TCP::local_port] == 80 }{

      SSL::disable clientside

      }

      #If https is detected, enable the Clientside Profile (Enabled by Default)

      if { [TCP::local_port] == 443 }{

      SSL::enable clientside

      }

       

      }

       

      when SERVER_CONNECTED {

      if { [TCP::server_port] == 80 }{

      SSL::disable serverside

      }

      }

       

      when HTTP_REQUEST {

      if {([TCP::local_port] == 80) and ([string tolower [HTTP::host]] != "utilities.test.com") and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/msaqd.cfm")) and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/proddata.cfm")) and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/msaq.cfm"))}{

      HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]

      return

      }

       

      switch -glob [string tolower [HTTP::host]] {

      "utilesource.test.com" {

      node 1.1.1.1:443

      }

      "utilesourcedev.test.com" {

      node 1.1.1.2:443

                  set xframe 1

      }

      "utlmfprd01.test.com" {

      #Might need to put an exclusion for the http redirect for this site.

      SSL::disable serverside

      node 1.1.1.3:80

      }

      "access360.test.com" {

      node 1.1.1.4:443}

      "wsecomm.test.com" {

      node 1.1.1.5:443}

      "amisvcs.test.com" {

      SSL::disable serverside

      node 1.1.1.6:8080

      }

      "qual-amisvcs.test.com" {

      SSL::disable serverside

      node 1.1.1.7:8084

      }

      "amisvcs-i.test.com" {

      SSL::disable serverside

      node 1.1.1.8:8081

      }

      }

      }

       

      when HTTP_RESPONSE {

       

      if {[info exists xframe]}{

       

      if { not([HTTP::header exists "X-Frame-Options"])}{

       

      HTTP::header insert X-Frame-Options {ALLOW-FROM https://s1-2.ariba.com}

       

      } else {

       

      HTTP::header replace X-Frame-Options {ALLOW-FROM https://s1-2.ariba.com}

       

      }

       

       } 

       

      }