For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

spars's avatar
spars
Icon for Altostratus rankAltostratus
Dec 07, 2021
Solved

iRule to Remove Duplicate Header by Value

Via iRule, trying to remove duplicate Strict-Transport-Security headers (developers are unable to), the below code does not seem to work.

 

when HTTP_REQUEST {
 
  foreach a_header [HTTP::header "Strict-Transport-Security"] {
 
   if {[HTTP::header $a_header] eq "max-age=2592000"}{
 
     HTTP::header remove $a_header
   }
  }
}

 

The below seems to work but gets rid of Strict-Transport-Security as a whole, which I do not want to do:

 

when HTTP_RESPONSE {
 foreach header {Strict-Transport-Security} {
  HTTP::header remove "Strict-Transport-Security"
  HTTP::header remove "max-age=2592000"
  } 
}

 

ASM Advanced WAF
iRules
security
  • spalande's avatar
    spalande
    Dec 08, 2021

    You can use something like below

    when HTTP_RESPONSE {
    HTTP::header remove "Strict-Transport-Security"
    HTTP::header insert Strict-Transport-Security "max-age=2592000"
}

2 Replies

  • spalande's avatar
    spalande
    Icon for Nacreous rankNacreous
    Dec 08, 2021

    You can use something like below

    when HTTP_RESPONSE {
    HTTP::header remove "Strict-Transport-Security"
    HTTP::header insert Strict-Transport-Security "max-age=2592000"
}
  • spars's avatar
    spars
    Icon for Altostratus rankAltostratus
    Dec 13, 2021

      Appreciate the assist, that worked. Thank you