Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

WAF custom block page settings

Go to solution
BK1
Cirrus
Cirrus

‎07-Aug-2021 22:49

We have configured custom block page for WAF. It is perfectly working fine. Now our customer want few security settings like csp headers, hsts to be enabled on the response page. Could you please confirm if it is possible? If yes, kindly help with the same. Thank you

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
SanjayP
MVP
MVP

‎10-Aug-2021 00:26

You don't need to add those headers in the code, but in the response headers field as shown below.

 

0691T00000DyScKQAV.gif 

 

if you are trying to add via iRule, please use HTTP_RESPONSE_RELEASE event as ASM is triggered after HTTP_RESPONSE event

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
SanjayP
MVP
MVP

‎09-Aug-2021 00:57

You can select custom response and add those CSP, HSTS headers under Response Headers

 

0691T00000DyPb4QAF.gif 

 

0 Kudos

Go to solution
BK1
Cirrus
Cirrus

‎09-Aug-2021 23:38

Thanks Sanjay for your response on this. Appreciate it.

Yes we have customized the block page from here by putting custom html code in the given field. Now I am looking for modifying code for hsts and csp headers. I tried the way we add it in irule but somehow it's still not working. I need help on this not sure if it's due to syntax problem or something else. ​

0 Kudos

Go to solution
SanjayP
MVP
MVP

‎10-Aug-2021 00:26

You don't need to add those headers in the code, but in the response headers field as shown below.

 

0691T00000DyScKQAV.gif 

 

if you are trying to add via iRule, please use HTTP_RESPONSE_RELEASE event as ASM is triggered after HTTP_RESPONSE event

0 Kudos
Copyright © 2023 Khoros, LLC