security headers

Question

I need some help trying to figure out why my standard security headers are not being applied to a specific VIP. I am inserting X-FRAME-OPTIONS, X-XSS-PROTECTION,CONTENT-SECURITY-POLICY to all my Virtual Servers using an irule. for all VS they work if you scan the DNS NAME (using nmap or securityheaders.io) but if I scan using the IP all but 1 VS passes (just 1 VIP shows no headers, it does show HSTS which I am applying through a policy though. Any thoughts as to why 1 VIP would behave differently than the others?

samstep · Answer

It is difficult to say without understanding your configuration - most likely it is configuration mistake somewhere on that VIP. Is it possible that you have 2 VIPs - one listening on port 80 and another on port 443 and you applied iRule just to one of them?

Forum Discussion

security headers

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Security headers

Using ChatGPT for security and introduction of AI security

captcha not show after enable header security

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

ChatGPT and security - This Week in Security Feb 18th to Feb 25th, 2023