Forum Discussion
XSS Issue in IE Setting: Any suggestion from F5 LTM side
I was seeking assistance with cross scripting setting (XSS); in order to overcome this setting for the users going through the Direct URL, they would need to add *.mycompany.com to trusted sites and have the XSS disabled only for trusted sites, instead of changing at Internet or local intranet sites. Is this something you can authorize the users to do at Coastal or is XSS required to be enabled on all sites?
Issue: User is unable to get Reports to load if XSS is enabled, and the only way to get the Reports to load is to disable XSS for all internet sites. He has tried adding https://*.mycompany.com to trusted sites and disabling XSS for just the trusted sites, but that does not resolve the issue. User is using IE8.
Can we do any setting from LTM too? Users will browse the virtual server internally as well as externally, and we are using an SSL Client profile for now.
Thanks, Parveez
4 Replies
- Pconlan_71037
Altocumulus
You can use an iRule attached to the virtual server to disable XSS: "when HTTP_RESPONSE { HTTP::header insert X-XSS-Protection 0 }" This tells IE to skip the XSS checks it would normally do.
- Parveez_70209
Nimbostratus
So, I am going to add one more iRule stating to exempt XSS settings, right?
HTTP_RESPONSE { HTTP::header insert X-XSS-Protection 0 }"
- Parveez_70209
Nimbostratus
I am getting an error in the syntax; kindly assist with this.
HTTP_RESPONSE { HTTP::header insert X-XSS-Protection 0 }"
- Parveez_70209
Nimbostratus
It got resolved, thank you so much for your earnest assistance.
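Added example, not part of the original thread or any poster's code: a variant of the iRule above that sends `X-XSS-Protection: 0` only for the report pages, so the IE8 XSS filter stays active for the rest of the virtual server. The `/reports/` path prefix and the `relax_xss` variable name are assumptions; substitute the path that actually serves the reports.

```tcl
# Each event block in an iRule must begin with the "when" keyword.

when HTTP_REQUEST {
    # Request-side data such as the path is read here and remembered
    # for the matching response.
    # ASSUMPTION: reports are served under /reports/ (placeholder path).
    set relax_xss 0
    if { [string tolower [HTTP::path]] starts_with "/reports/" } {
        set relax_xss 1
    }
}

when HTTP_RESPONSE {
    if { $relax_xss } {
        # Remove any value set by the backend first, so the browser
        # never receives two conflicting X-XSS-Protection headers.
        HTTP::header remove "X-XSS-Protection"
        HTTP::header insert "X-XSS-Protection" "0"
    }
}
```

Responses for every other path pass through with whatever `X-XSS-Protection` value the backend sent, or none, which leaves the browser default in effect.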