Security Headers Insertion
Problem this snippet solves: Centralize the security header management for one or more domains on the recommendation of SecurityHeaders.io.
Be warned!! You can really do damage to your availabili...
Published Mar 14, 2016
Version 1.0JRahm
Admin
Joined January 20, 2005
JRahm
Admin
Joined January 20, 2005
magnus78_287184
Nov 17, 2017Cirrus
Are these possible to insert on APM Webtops? edit added a working irule for this on apm 13.0.
when HTTP_RESPONSE { if {!( [HTTP::header "X-XSS-Protection"] eq "1; mode=block") }{ HTTP::header replace X-XSS-Protection "1; mode=block" }
if {!( [HTTP::header "X-Content-Type-Options"] eq "nosniff") }{
HTTP::header replace X-Content-Type-Options "nosniff"
}
if {!( [HTTP::header "Content-Security-Policy"] eq "frame-ancestors *;script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: ; connect-src 'self' wss:;") }{
HTTP::header replace Content-Security-Policy "frame-ancestors *;script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: ; connect-src 'self' wss:;"
}
log local0. "irule working"
}