For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

pedinopa_170325's avatar
pedinopa_170325
Icon for Nimbostratus rankNimbostratus
Feb 02, 2018

security headers

I need some help trying to figure out why my standard security headers are not being applied to a specific VIP. I am inserting X-FRAME-OPTIONS, X-XSS-PROTECTION,CONTENT-SECURITY-POLICY to all my Virtual Servers using an irule. for all VS they work if you scan the DNS NAME (using nmap or securityheaders.io) but if I scan using the IP all but 1 VS passes (just 1 VIP shows no headers, it does show HSTS which I am applying through a policy though. Any thoughts as to why 1 VIP would behave differently than the others?

 

iRules
security

1 Reply

  • samstep's avatar
    samstep
    Icon for Cirrocumulus rankCirrocumulus
    Feb 04, 2018

    It is difficult to say without understanding your configuration - most likely it is configuration mistake somewhere on that VIP. Is it possible that you have 2 VIPs - one listening on port 80 and another on port 443 and you applied iRule just to one of them?