Had to add a bit more functionality to the rule. Turned out that the site actually had other sites framed within it so this mean that the original host captured wasn't enough. We also had to return the framed site.
So using a datagroup we could make a key pair using a string and a value, for example host1.com = host2.com.
Then in the irule we capture the HTTP:host in the HTTP_REQUEST, set it as the variable $host, then look that variable up in the datagroup and return its value as the variable $value.
Then $value can be used in the HTTP_RESPONSE
when HTTP_REQUEST {
set host [HTTP::host]
if { [class match $host contains content-security] } {
set host_exist 1
set value [class match -value "$host" equals "content-security"]
}
}
when HTTP_RESPONSE {
if { $host_exist equals 1 } {
HTTP::header insert "Content-Security-Policy" "frame-ancestors 'self' $value"
HTTP::header insert "X-Content-Security-Policy" "frame-scr 'self' '$value'"
}
else {
HTTP::header insert "Content-Security-Policy" "frame-ancestors 'self'"
HTTP::header insert "X-Content-Security-Policy" "frame-scr 'self'"
}
}