Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

LTM Policy - Insert Header on Response

Hi all,

I'm having an issue with LTM policies to insert header on response. Here's the working configuration 1 policy with 3 rules

 rules {
    Pool1_rule {
        actions {
            0 {
                forward
                select
                pool Pool1
            }
            1 {
                http-header
                response
                insert
                name Content-Security-Policy
                value "frame-ancestors 'self';"
            }
            2 {
                http-header
                response
                insert
                name X-Content-Security-Policy
                value "frame-ancestors 'self';"
            }
        }
        conditions {
            0 {
                http-host
                values { pool1.mysite.com }
            }
        }
    }
    Pool2_rule {
        actions {
            0 {
                forward
                select
                pool Pool2
            }
        }
        conditions {
            0 {
                http-host
                values { pool2.mysite.com }
            }
        }
        ordinal 1
    }
    Pool3_rule3 {
        actions {
            0 {
                forward
                select
                pool pool3

        }
        conditions {
            0 {
                http-host
                values { pool3.mysite.com }
            }
        }
        ordinal 2
    }
}
status published
strategy /Common/first-match
}

This Policy works because the headers are added in the first rule. If you change the order of the rules, for example add the headers in the second rule the headers are not added on the response.

rules {
    Pool2_rule {
        actions {
            0 {
                forward
                select
                pool Pool2
            }
        }
        conditions {
            0 {
                http-host
                values { pool2.mysite.com }
            }
        }
    }
    Pool1_rule {
        actions {
            0 {
                forward
                select
                pool Pool1
            }
            1 {
                http-header
                response
                insert
                name Content-Security-Policy
                value "frame-ancestors 'self';"
            }
            2 {
                http-header
                response
                insert
                name X-Content-Security-Policy
                value "frame-ancestors 'self';"
            }
        }
        conditions {
            0 {
                http-host
                values { pool1.mysite.com }
            }
        }
        ordinal 1
    }
    Pool3_rule3 {
        actions {
            0 {
                forward
                select
                pool pool3

        }
        conditions {
            0 {
                http-host
                values { pool3.mysite.com }
            }
        }
        ordinal 2
    }
}
status published
strategy /Common/first-match
}

Is this a limitation in LTM Policies?

Thanks,

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

In the working policy, the header-insert actions are taken when the HTTP Host is "pool1.mysite.com", but the host in the non-working policy is "pool2.mysite.com". Is this what you intended?

0
Comments on this Answer
Comment made 5 days ago by Joel Breton 213

Yes, basically if the rule to insert the header in the response is not the first rule it doesn't execute.

0
Comment made 3 days ago by CharlesCS 542

The point I was trying to make is that the Host values are different. The working policy inserts the header only if the Host is "pool1.mysite.com", and the non-working one will perform the insert only when the Host is "pool2.mysite.com". If the actual host value in the HTTP request is always "pool1.mysite.com", then you should modify the conditions in the second (non-working) policy accordingly.

0
Comment made 2 days ago by Joel Breton 213

Hi Charles,

You bring a good point but the example I gave is not 100% accurate as you pointed out. From the GUI (configuration utility) you can rearrange the order of the rules, this is where I change the order. If the rule Pool1 is the first on the list it adds the headers on the response, and if I move that rule in the second position it stops working.

I've corrected the question

0