Security Headers Insertion
Published Mar 14, 2016
Version 1.0Was this article helpful?
Are these possible to insert on APM Webtops? edit added a working irule for this on apm 13.0.
when HTTP_RESPONSE { if {!( [HTTP::header "X-XSS-Protection"] eq "1; mode=block") }{ HTTP::header replace X-XSS-Protection "1; mode=block" }
if {!( [HTTP::header "X-Content-Type-Options"] eq "nosniff") }{
HTTP::header replace X-Content-Type-Options "nosniff"
}
if {!( [HTTP::header "Content-Security-Policy"] eq "frame-ancestors *;script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: ; connect-src 'self' wss:;") }{
HTTP::header replace Content-Security-Policy "frame-ancestors *;script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: ; connect-src 'self' wss:;"
}
log local0. "irule working"
}