Adding securityheaders

Question

Hello,&nbsp;
I have a situation where there is many websites behind one virtual server and I would need to enable securityheaders.io recommended headers to responses. &nbsp;
Is there any ways to apply header only to one host which is behind the vip. HSTS would propably break something if applied to the VIP from etc. http profile?&nbsp;
And other question is about doing this in the webserver? Is there any reason those headers can't be added in IIS if f5 is doing ssl offloading or briding. Both offloading and bridging are used in same vip through policies. &nbsp;
Any help is much appreciated!&nbsp;
BR &nbsp;
Teemu&nbsp;

lee_sutcliffe · Answer

This can easily be done per server IP on an HTTP response. 
For example:
when HTTP_RESPONSE {
    if {[IP:addr [IP:server_addr] equals 10.10.10.10]} {
    HTTP::header insert header-name header-value
     }
}

stanislas_piro2 · Answer

Hi,&nbsp;
Jason Rahm shared in codeshare section a ready to use irule about security headers insertion in HTTP responses:&nbsp;
https://devcentral.f5.com/codeshare/security-headers-insertion&nbsp;

Forum Discussion

Adding securityheaders

2 Replies

Recent Discussions

About custome Response Blocking Page

Office Online Server with SharePoint 2016

health monitor source IP address

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

Related Content

Getting Started with BIG-IP Next: Adding Instances to Central Manager

adding pool members in cli

Multiple AD Authentication

ASM - Adding Allowed URL's via CLI in 2023

Yubikey Authentication Modes and Azure AD integration via the APM