Forum Discussion
dgytech
Altostratus
AltostratusiRule response header based on specific URI
Hello- given that a HTTP_RESPONSE does not include host, is there a way to flag a HTTP_REQUEST and then apply a HTTP_RESPONSE header to that flagged traffic? The specific header is as follows:
...
Sure.... There are a couple of different ways to do this. One way would be to save the HTTP::host and HTTP::uri values to a variable on the HTTP_REQUEST event. For example:
when HTTP_REQUEST {
set host_uri [HTTP::host][HTTP::uri]
}
when HTTP_RESPONSE {
if { $host_uri eq "abc.com/test" } {
HTTP::header insert "X-Frame-Options" "SAMEORIGIN"
}
}
You can tweak the way you save the host and URI on the HTTP_REQUEST event if you are not looking for an exact match on "abc.com/test". You could also make your test of the host and URI on the HTTP_REQUEST event and set a flag that you then check on the HTTP_RESPONSE event to see if you have to insert the X-Frame-Options header. For example:
when HTTP_REQUEST {
if { [HTTP::host] eq "abc.com" && [HTTP::uri] eq "/test" } {
set insertXFrame true
}
}
when HTTP_RESPONSE {
if { [info exists insertXFrame] && $insertXFrame } {
HTTP::header insert "X-Frame-Options" "SAMEORIGIN"
}
}
