Forum Discussion
Some doubts about iRule to control header
Hi there, I was wondering if you guys could help me with some doubts I'm having with the creation of some iRules to protect some vulnerabilities. In this particular case I need to remove Cacheable SSL headers, to hide any information about cache, so I created this iRule:
iRule:

    # Remove every existing instance of the cache-related headers
    foreach header {Cache-Control Pragma Expires} {
        while { [HTTP::header exists $header] } {
            HTTP::header remove $header
        }
    }
    # Insert a single explicit no-cache policy
    HTTP::header insert "Cache-Control" "no-cache, no-store, must-revalidate"
    HTTP::header insert "Pragma" "no-cache"
    HTTP::header insert "Expires" "0"

Is that the best way to avoid this vulnerability? Would you guys have any other suggestions to improve this code? Is there another way to mitigate this vulnerability?
Best Regards, Antonio Costa Conviso Application Security
1 Reply
- Michael_Jenkins
Cirrostratus
I think you could optimize your code with one of these:
If you always want to have these 3 headers

    HTTP::header replace "Cache-Control" "no-cache, no-store, must-revalidate"
    HTTP::header replace "Pragma" "no-cache"
    HTTP::header replace "Expires" "0"

If you only want to replace ones that exist

    if { [HTTP::header exists "Cache-Control"] } {
        HTTP::header replace "Cache-Control" "no-cache, no-store, must-revalidate"
    }
    if { [HTTP::header exists "Pragma"] } {
        HTTP::header replace "Pragma" "no-cache"
    }
    if { [HTTP::header exists "Expires"] } {
        HTTP::header replace "Expires" "0"
    }
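A check to run against captured responses once the iRule is attached, as an added example (not code from this thread): it parses a raw response head and reports any of the three cache headers that is missing, duplicated, malformed, or carrying a value other than the one set in the iRule. The function name and both sample responses are constructed for illustration.

```python
import re

# Expected policy: the three headers and values used in the iRule discussed above.
EXPECTED = {
    "cache-control": {"no-cache", "no-store", "must-revalidate"},
    "pragma": {"no-cache"},
    "expires": {"0"},
}
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")  # RFC 7230 field-name


def audit_cache_headers(raw_head):
    """Return findings for a raw HTTP response head (status line + headers)."""
    findings, seen = [], {}
    for line in raw_head.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            findings.append(f"malformed header line: {line!r}")
            continue
        if not TOKEN.match(name):  # e.g. whitespace before the colon
            findings.append(f"invalid field-name {name!r}")
        seen.setdefault(name.strip().lower(), []).append(value.strip())
    for name, wanted in EXPECTED.items():
        values = seen.get(name, [])
        if not values:
            findings.append(f"{name}: missing")
            continue
        if len(values) > 1:  # a stale backend copy survived next to the new one
            findings.append(f"{name}: {len(values)} instances, expected 1")
        for v in values:
            if {d.strip().lower() for d in v.split(",")} != wanted:
                findings.append(f"{name}: unexpected value {v!r}")
    return findings


# Constructed sample responses (not captured from a real system).
GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Cache-Control: no-cache, no-store, must-revalidate\r\n"
        "Pragma: no-cache\r\nExpires: 0\r\n\r\n")
BAD = ("HTTP/1.1 200 OK\r\nCache-Control: public, max-age=3600\r\n"
       "Cache-Control: no-cache, no-store, must-revalidate\r\n"
       "Pragma : no-cache\r\n\r\n")

if __name__ == "__main__":
    for label, head in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_cache_headers(head))
```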