For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dgytech's avatar
dgytech
Icon for Altostratus rankAltostratus
Mar 29, 2018

iRule response header based on specific URI

Hello- given that a HTTP_RESPONSE does not include host, is there a way to flag a HTTP_REQUEST and then apply a HTTP_RESPONSE header to that flagged traffic? The specific header is as follows:   ...
iRules
LTM
security
crodriguez's avatar
crodriguez
Ret. Employee
Mar 29, 2018

Sure.... There are a couple of different ways to do this. One way would be to save the HTTP::host and HTTP::uri values to a variable on the HTTP_REQUEST event. For example:

when HTTP_REQUEST {
    set host_uri [HTTP::host][HTTP::uri]
}

when HTTP_RESPONSE {
    if { $host_uri eq "abc.com/test" } {
        HTTP::header insert "X-Frame-Options" "SAMEORIGIN"
    }
}

You can tweak the way you save the host and URI on the HTTP_REQUEST event if you are not looking for an exact match on "abc.com/test". You could also make your test of the host and URI on the HTTP_REQUEST event and set a flag that you then check on the HTTP_RESPONSE event to see if you have to insert the X-Frame-Options header. For example:

when HTTP_REQUEST {
    if { [HTTP::host] eq "abc.com" && [HTTP::uri] eq "/test" } {
        set insertXFrame true
    }
}

when HTTP_RESPONSE {
    if { [info exists insertXFrame] && $insertXFrame } {
        HTTP::header insert "X-Frame-Options" "SAMEORIGIN"
    }
}