Forum Discussion
Preet_pk
Aug 10, 2022Cirrus
Inserting X-frame-Options, X-XSS-Protection, X-Content-Type-Options, Strict-Transport-Security
Hi, We have multiple web applications running on a single Virtual server with host/domain based pool routing. For eg: red.lab.ae green.lab.ae irule: when HTTP_REQUEST { switch [string tolower ...
Aug 10, 2022
Hi Preet_pk,
when HTTP_REQUEST {
set status 0
switch [string tolower [HTTP::host]] {
"red.lab.ae" {
pool Red_Pool1
}
"green.lab.ae" {
set status 1
pool Green_Pool1
}
}
}
when HTTP_RESPONSE {
if { $status } {
if { !([HTTP::header exists "Strict-Transport-Security"]) } {
HTTP::header insert "Strict-Transport-Security" "max-age=16070400; includeSubDomains;"
}
if { !([HTTP::header exists "X-Content-Type-Options"]) } {
HTTP::header insert "X-Content-Type-Options" "nosniff"
}
if { !([HTTP::header exists "X-Frame-Options"]) } {
HTTP::header insert "X-Frame-Options" "SAMEORIGIN"
}
if { !([HTTP::header exists "X-XSS-Protection"]) } {
HTTP::header insert "X-XSS-Protection" "1; mode=block"
}
}
}
You may need to change the header values.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects