Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Conditional policy for security header based on URI path

Kevin_Lange
Nimbostratus
Nimbostratus

‎26-Aug-2020 11:17 - last edited on ‎22-Nov-2022 15:12 by Fog

I'm struggling to get a conditional policy based on URI to work properly. I'm trying to set X-Frame-Options based on paths, such that the header is more relaxed on specific paths, but more strict on anything else. The below code results in ALLOWALL for pretty much everything. I'm fairly certain the application is sending ALLOWALL for everything. I'm just trying to enforce defaults at the LTM, permiting conditional.

 

     "X-Frame-Options header SAMEORIGIN" {
           actions {
               0 {
                   http-header
                   response
                   replace
                   name X-Frame-Options
                   value SAMEORIGIN
               }
           }
           conditions {
               0 {
                   http-uri
                   path
                   not
                   starts-with
                   values { /path-a/ /path-b/subpath/ /path-c/
               }
               1 {
                   http-header
                   response
                   name X-Frame-Options
                   not
                   contains
                   values { SAMEORIGIN }
               }
           }
           ordinal 3
       }
       "X-Frame-Options header ALLOWALL" {
           actions {
               0 {
                   http-header
                   response
                   replace
                   name X-Frame-Options
                   value ALLOWALL
               }
           }
           conditions {
               0 {
                   http-uri
                   path
                   starts-with
                   values { /path-a/ /path-b/subpath/ /path-c/ }
               }
               1 {
                   http-header
                   response
                   name X-Frame-Options
                   not
                   contains
                   values { ALLOWALL }
               }
           }
           ordinal 2
Labels:
0 Kudos
1 REPLY 1

nathe
Cirrocumulus
Cirrocumulus

‎27-Aug-2020 07:30

Kevin, do you have a OneConnect profile attached to the VS? Also see K15097 to see if this looks to explain what you are seeing, even though this references Pools and not headers.

 

Hope this helps

 

N

0 Kudos
Copyright © 2023 Khoros, LLC