Forum Discussion

pedinopa_170325's avatar
pedinopa_170325
Icon for Nimbostratus rankNimbostratus
Jun 08, 2017

x-frame-options

I have to restrict x frame options to specific domains. I have the following irule, is this a good way to do it?

 

when HTTP_RESPONSE {

 

if { not([HTTP::header exists "X-Frame-Options"])}{ HTTP::header insert X-Frame-Options {ALLOW-FROM https://domain1.com) HTTP::header insert X-frame-Options (ALLOW-FROM https://domain2.com) HTTP::header insert X-frame-Options (ALLOW-FROM https://domain3.com)}

 

} else { HTTP::header replace X-Frame-Options {ALLOW-FROM https://domain1.com} HTTP::header replace X-Frame-Options {ALLOW-FROM https://domain2.com} HTTP::header replace X-Frame-Options {ALLOW-FROM https://domain3.com} }

 

}

 

iRules
security
No RepliesBe the first to reply