Security Headers Insertion

Problem this snippet solves: Centralize the security header management for one or more domains on the recommendation of SecurityHeaders.io. Be warned!! You can really do damage to your availabili...
Published Mar 14, 2016
Version 1.0
security
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
magnus78_287184's avatar
magnus78_287184
Icon for Cirrus rankCirrus
Nov 17, 2017

Are these possible to insert on APM Webtops? edit added a working irule for this on apm 13.0.

when HTTP_RESPONSE { if {!( [HTTP::header "X-XSS-Protection"] eq "1; mode=block") }{ HTTP::header replace X-XSS-Protection "1; mode=block" }

if {!( [HTTP::header "X-Content-Type-Options"] eq "nosniff") }{
    HTTP::header replace X-Content-Type-Options "nosniff"
}
if {!( [HTTP::header "Content-Security-Policy"] eq "frame-ancestors *;script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: ; connect-src 'self' wss:;") }{
    HTTP::header replace Content-Security-Policy "frame-ancestors *;script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: ; connect-src 'self' wss:;"
}
log local0. "irule working"

}