For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bmeyer06_204838's avatar
bmeyer06_204838
Icon for Nimbostratus rankNimbostratus
Jun 02, 2015

iRule - Header Replace Blacklist

I'm trying to the X-Frame-Options header replace for a website, however some of the pages on the site require that setting to NOT be set. So I'm trying to create a black list of pages and this is what I've come up with:

when HTTP_REQUEST {
    set my_host_uri [HTTP::uri]
}
when HTTP_RESPONSE {
    if  { 
            (not ([string tolower $my_host_uri] contains "notThisSubfolder1")) &&
            (not ([string tolower $my_host_uri] contains "notThisSubfolder2")) &&
            (not ([string tolower $my_host_uri] contains "notThisSubfolder3"))
        }
        {
            HTTP::header replace X-Frame-Options "SAMEORIGIN"
        }
}

Should this work? Is there a better way to do this?

application delivery
BIG-IQ
devops
iRules

1 Reply

  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Jun 02, 2015

    I think this would work, though for performance sake I would do it a little differently (and your strings are mixed case when you're trying to compare on lowecase)...

    when HTTP_REQUEST {
    set host [string tolower [HTTP::uri]
}
when HTTP_RESPONSE {
    switch -glob $host {
        "*notthissubfolder11*" -
        "*notthissubfolder12*" -
        "*notthissubfolder13*" {
             Do nothing
        }
        default {
             Replace the header value
            HTTP::header replace X-Frame-Options "SAMEORIGIN"
        }
    }
}