Forum Discussion

Preet_pk's avatar
Preet_pk
Icon for Cirrus rankCirrus
Aug 10, 2022

Inserting X-frame-Options, X-XSS-Protection, X-Content-Type-Options, Strict-Transport-Security

Hi, We have multiple web applications running on a single Virtual server with host/domain based pool routing. For eg: red.lab.ae green.lab.ae irule: when HTTP_REQUEST { switch [string tolower ...
application delivery
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Aug 10, 2022

Hi Preet_pk,

when HTTP_REQUEST {
	set status 0
	switch [string tolower [HTTP::host]] {
		"red.lab.ae" {
			pool Red_Pool1
		}
		"green.lab.ae" {
			set status 1
			pool Green_Pool1
		}
	}
}

when HTTP_RESPONSE {
	if { $status } {
		if { !([HTTP::header exists "Strict-Transport-Security"]) } {
			HTTP::header insert "Strict-Transport-Security" "max-age=16070400; includeSubDomains;"
		}
		if { !([HTTP::header exists "X-Content-Type-Options"]) } {
			HTTP::header insert "X-Content-Type-Options" "nosniff"
		}
		if { !([HTTP::header exists "X-Frame-Options"]) } {
			HTTP::header insert "X-Frame-Options" "SAMEORIGIN"
		}
		if { !([HTTP::header exists "X-XSS-Protection"]) } {
			HTTP::header insert "X-XSS-Protection" "1; mode=block"
		}
	}
}

You may need to change the header values.