Forum Discussion

Cirrus

Aug 08, 2021

WAF custom block page settings

We have configured custom block page for WAF. It is perfectly working fine. Now our customer want few security settings like csp headers, hsts to be enabled on the response page. Could you please con...

ASM Advanced WAF

security

spalande
Aug 10, 2021
You don't need to add those headers in the code, but in the response headers field as shown below.

if you are trying to add via iRule, please use HTTP_RESPONSE_RELEASE event as ASM is triggered after HTTP_RESPONSE event

BK1

Cirrus

Aug 10, 2021

Thanks Sanjay for your response on this. Appreciate it.

Yes we have customized the block page from here by putting custom html code in the given field. Now I am looking for modifying code for hsts and csp headers. I tried the way we add it in irule but somehow it's still not working. I need help on this not sure if it's due to syntax problem or something else.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

WAF custom block page settings

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

SSL Orchestrator Advanced Use Cases: Custom Blocking Pages

Setting Up A Basic Customer Edge To Run vk8s in F5 Distributed Cloud App Stack

Setting up BIG-IP with AWS CloudHSM

Setting up persistence in F5 XC

F5 Distributed Cloud Customer Edge on F5 rSeries – Reference Architecture

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS