WAF custom block page settings

BK1 · ‎07-Aug-2021

We have configured custom block page for WAF. It is perfectly working fine. Now our customer want few security settings like csp headers, hsts to be enabled on the response page. Could you please confirm if it is possible? If yes, kindly help with the same. Thank you

SanjayP · ‎10-Aug-2021

You don't need to add those headers in the code, but in the response headers field as shown below.

if you are trying to add via iRule, please use HTTP_RESPONSE_RELEASE event as ASM is triggered after HTTP_RESPONSE event

View solution in original post

SanjayP · ‎09-Aug-2021

You can select custom response and add those CSP, HSTS headers under Response Headers

BK1 · ‎09-Aug-2021

Thanks Sanjay for your response on this. Appreciate it.

Yes we have customized the block page from here by putting custom html code in the given field. Now I am looking for modifying code for hsts and csp headers. I tried the way we add it in irule but somehow it's still not working. I need help on this not sure if it's due to syntax problem or something else.

SanjayP · ‎10-Aug-2021

You don't need to add those headers in the code, but in the response headers field as shown below.

if you are trying to add via iRule, please use HTTP_RESPONSE_RELEASE event as ASM is triggered after HTTP_RESPONSE event

DevCentral

WAF custom block page settings

Register For AppWorld 2024

F5 Receives Six Trust Radius
Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

DevCentral

WAF custom block page settings

Register For AppWorld 2024

F5 Receives Six Trust Radius Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

F5 Receives Six Trust Radius
Best of 2023 Awards