dgytech
Dec 15, 2017Altostratus
iRule to exclude specific URI from http header insert (x-frame-options) on http_response
Attempting to exclude two URI from a http header insert on a HTTP_RESPONSE. Basically if the URI contains "/wp-login.php" or "/wp-admin" i do not want this header applied on the response.
I was previously inserting the header on all http_response: (old)
when HTTP_RESPONSE {
HTTP::header insert X-FRAME-OPTIONS "SAMEORIGIN"
}
I now need to exclude two URI from receiving the header: (new)
when HTTP_REQUEST {
if { ( [string tolower [HTTP::uri]] contains "/wp-login.php" )
or ( [string tolower [HTTP::uri]] contains "/wp-admin" )
} then {
set insert_x_frame_options 0
} else {
set insert_x_frame_options 1
}
}
when HTTP_RESPONSE {
if { $insert_x_frame_options } then {
HTTP::header insert "X-FRAME-OPTIONS" "SAMEORIGIN"
}
}
My (new) irule does appear to be working however, i wonder if there is another/better way to accomplish this.
I assume you can not apply "IF uri" logic to a http_response clause. Something like:
when HTTP_RESPONSE {
set low_uri [string tolower [HTTP::uri]]
if { not (
( $low_uri contains "/wp-login.php") or
( $low_uri contains "/wp-admin" )
)
} then {
HTTP::header insert X-FRAME-OPTIONS "SAMEORIGIN"
}
}
I hope this makes sense, any assistance/thoughts would be appreciated. Many Thanks!