Forum Discussion
LTM Policy - Insert Header on Response
Hi all,
I'm having an issue with LTM policies to insert header on response. Here's the working configuration 1 policy with 3 rules
rules {
Pool1_rule {
actions {
0 {
forward
select
pool Pool1
}
1 {
http-header
response
insert
name Content-Security-Policy
value "frame-ancestors 'self';"
}
2 {
http-header
response
insert
name X-Content-Security-Policy
value "frame-ancestors 'self';"
}
}
conditions {
0 {
http-host
values { pool1.mysite.com }
}
}
}
Pool2_rule {
actions {
0 {
forward
select
pool Pool2
}
}
conditions {
0 {
http-host
values { pool2.mysite.com }
}
}
ordinal 1
}
Pool3_rule3 {
actions {
0 {
forward
select
pool pool3
}
conditions {
0 {
http-host
values { pool3.mysite.com }
}
}
ordinal 2
}
}
status published
strategy /Common/first-match
}
This Policy works because the headers are added in the first rule. If you change the order of the rules, for example add the headers in the second rule the headers are not added on the response.
rules {
Pool2_rule {
actions {
0 {
forward
select
pool Pool2
}
}
conditions {
0 {
http-host
values { pool2.mysite.com }
}
}
}
Pool1_rule {
actions {
0 {
forward
select
pool Pool1
}
1 {
http-header
response
insert
name Content-Security-Policy
value "frame-ancestors 'self';"
}
2 {
http-header
response
insert
name X-Content-Security-Policy
value "frame-ancestors 'self';"
}
}
conditions {
0 {
http-host
values { pool1.mysite.com }
}
}
ordinal 1
}
Pool3_rule3 {
actions {
0 {
forward
select
pool pool3
}
conditions {
0 {
http-host
values { pool3.mysite.com }
}
}
ordinal 2
}
}
status published
strategy /Common/first-match
}
Is this a limitation in LTM Policies?
Thanks,
- CharlesCSCirrus
In the working policy, the header-insert actions are taken when the HTTP Host is "pool1.mysite.com", but the host in the non-working policy is "pool2.mysite.com". Is this what you intended?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com