
ASM: Need to add HTTP security headers for response and blocking pages

stupid48
Altocumulus

Hi there,

We need to turn on security headers for ASM response and blocking pages. There is a KB (K25232031) that mentions it being enabled by default for version 16.0.0.

We are running a prior version.  Does anyone know if this is possible on earlier versions?

2 REPLIES

Hi,

You can add response headers from the "Response and Blocking Pages" settings.

Security > Application Security > Security Policies > Policies List > waf_policy_name > Response and Blocking Pages > Custom Response


K25232031 is interesting, thanks for the link.

About X-XSS-Protection: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
About X-Frame-Options: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Adding a simple Content-Security-Policy will be the better way. I have not tested it, but this should suffice:

Content-Security-Policy: default-src 'self'; frame-ancestors 'self'

P.S.: I always change the Response Code to 403
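
One way to confirm that a blocking page actually carries the headers discussed in the reply above, as an added example that is not part of the thread or of F5's tooling. It audits a captured raw response for the 403 status the reply mentions, a CSP `default-src`, and a framing restriction (`frame-ancestors` or `X-Frame-Options`); the sample response and the function names are constructed for illustration.

```python
# Added example, not from the thread. SAMPLE_RESPONSE is constructed input.
SAMPLE_RESPONSE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n"
    "\r\n"
    "<html><body>Request rejected.</body></html>"
)

def parse_csp(value):
    """Split one CSP header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        # A repeated directive is ignored; the first occurrence wins.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit_blocking_page(raw):
    """Return findings for a raw HTTP response; an empty list means it passes."""
    head = raw.partition("\r\n\r\n")[0]
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = [(n.strip().lower(), v.strip())
               for n, _, v in (line.partition(":") for line in header_lines)]
    policies = [parse_csp(v) for n, v in headers if n == "content-security-policy"]
    xfo = [v.upper() for n, v in headers if n == "x-frame-options"]

    findings = []
    if status != 403:
        findings.append(f"status {status}, expected 403")
    if not any("default-src" in p for p in policies):
        findings.append("no CSP default-src")
    # frame-ancestors does not fall back to default-src, so it is checked on
    # its own; every CSP header is enforced, so one restrictive policy suffices.
    csp_framing = any("frame-ancestors" in p and "*" not in p["frame-ancestors"]
                      for p in policies)
    if not csp_framing and not any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("framing not restricted")
    return findings

if __name__ == "__main__":
    print(audit_blocking_page(SAMPLE_RESPONSE) or "blocking page headers OK")
```

Feed it the response captured from a request the policy blocks, for example saved from a proxy or from `curl -i` output with CRLF line endings preserved.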