Forum Discussion

Nimbostratus

Aug 14, 2015

Way to replace HTTP header being applied by APM portals

All full webtop portals I create have this HTTP header, which I need to override. Using iRules for this is failing. Header in question: Content-Security-Policy: default-src 'self' 'unsafe-inli...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Aug 21, 2015

The CSP header value is actually coming from APM, so there's no local response event that can catch that. The best option would be to put a VIP targeting solution in front of your APM VIP. The external VIP would be able to see and manipulate the internal APM's responses. You'd put your client SSL handling on the external VIP and the internal APM VIP would listen on HTTP. Here's what that external iRule might look like:

when CLIENT_ACCEPTED {
    virtual internal-vip
}
when HTTP_RESPONSE {
    if { [HTTP::header exists Content-Security-Policy] } {
        HTTP::header replace Content-Security-Policy [string map {";" " connect-src *;"} [HTTP::header Content-Security-Policy]]
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)