Forum Discussion

balcee

Altocumulus

Nov 05, 2024

iRule for Content Security Policy

Hey Guys, hope everyone is well and having a good day.

I'm looking for some help with an iRule that allows me to enable Content Security Policy on a Virtual Server.

Whenever I apply the following, the website breaks (i.e. images don't load, formatting is skewed, etc):

if {!([HTTP::header exists "Content-Security-Policy"])} {

HTTP::header insert Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self'; frame-src 'self'; upgrade-insecure-requests"

I've attached the error that is thrown up by the web server when the above is applied. Based on the error, I was thinking of adding 'unsafe-inline' to my iRule in an attempt to relax the policy.

Does anyone have any experience of applying such a rule? I would be very grateful for any assistance.

Thank you

security

No RepliesBe the first to reply

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule for Content Security Policy

Recent Discussions

iRule for Content Security Policy

CPU data, control and analytics plane utilization

Scrubbing F5 config for username configuration

Study Guides for 101 Exam

OWSAP Top 10 protection

Related Content

Virtual server security policy

F5 Distributed Cloud Services to Provide Unified Security Policy for Multi-cloud OpenShift Workloads

F5 Security Podcasts

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

Re: Ansible playbook to export and import ASM security policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS