Forum Discussion
CirrocumulusiRule for multiple actions on a single HTTP Response
I'm trying to build a single iRule to possibly perform multiple actions on HTTP responses. The purpose of the iRule is to inspect the HTTP headers in all responses and insert all missing security headers before sending traffic back to the client.
My concern is that by using 'if' and 'elseif' only the first matching condition will be performed.
The intention is the following:
Check if header 1 is missing on the response to the client, and if it is, insert it
Then check if header 2 is missing, and if it is, insert it as well
Then check if header 3 is missing, and if it is, insert it as well
and so on until the last header check, and then finally sent the response to the client with all the missing headers added to it.
Is this possible in a single iRule? Or is it only possible by doing each check and action on separate iRules and then adding all of them to the virtual servers?
This is the initial draft for the iRule:
when HTTP_RESPONSE {
if { !([ HTTP::header exists "X-Frame-Options" ])} { HTTP::header insert "X-Frame-Options" "SAMEORIGIN" }
elseif { !([ HTTP::header exists "X-XSS-Protection" ])} { HTTP::header insert "X-XSS-Protection" "1; mode=block" }
elseif { !([ HTTP::header exists "X-Content-Type-Options" ])} { HTTP::header insert "X-Content-Type-Options" "'nosniff'" }
elseif { !([ HTTP::header exists "Strict-Transport-Security" ])} { HTTP::header insert "Strict-Transport-Security" "max-age=16070400; includeSubDomains" }
}
Vijay_ECirrus
The entire iRule will be processed and as long as the if-conditionals are unique, you should have all the header inserts that you require. I haven't tried it though. Your iRule looks good on first pass.
Stanislas_Piro2Cumulonimbus
If you use elseif, only one header will be inserted!
Split all conditions in multiple if commands to insert all missing headers.