Forum Discussion

StephenGonsalv1
Sep 12, 2017

iRule creation for HTTP headers using data groups

Hi All

Need your help to create an iRule to permit the following HTTP headers and drop all other (x-) headers. Need to work this through by creating a data group for the below headers so that we don't have to disturb the iRule every time. Your speedy response would be appreciated.

  • X-XSS-Protection
  • X-Content-Type-Options
  • x-frame-options

=====================================================

    when HTTP_RESPONSE {
        # Remove all instances of the Server header
        HTTP::header remove Server

        # Remove all headers starting with x- (i.e. X-Powered-By, X-AspNet-Version, X-AspNetMvc-Version)
        foreach header_name [HTTP::header names] {
            if {[string match -nocase x-* $header_name]} {
                # This header needs to be allowed to mitigate clickjacking
                if {[string match -nocase x-frame-options $header_name]} {
                    continue
                }
                HTTP::header remove $header_name
            }
        }
    }

1 Reply

  • Not tested, but this should be close.

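    # The headers in the question are response headers, so filter in HTTP_RESPONSE
    when HTTP_RESPONSE {
        foreach hn [HTTP::header names] {
            # Header names are case-insensitive; compare in lowercase
            set lhn [string tolower $hn]
            if { $lhn starts_with "x-" } {
                # Data group entries are assumed to be stored in lowercase
                if { ![class match $lhn equals my-data-group] } {
                    HTTP::header remove $hn
                }
            }
        }
    }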
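
A way to check the result once the iRule is attached, added here as an example and not part of the original thread: this Python sketch audits a captured response head against the same allowlist the data group holds. The function names and both sample responses are constructed for illustration; the allowlist entries are the three headers from the question.

```python
# Added example: audit response headers against the allowlist the iRule enforces.
# Mirrors the data group contents from the question, stored in lowercase.
ALLOWED_X_HEADERS = {"x-xss-protection", "x-content-type-options", "x-frame-options"}


def parse_header_names(raw_head):
    """Return header names, in order, from a raw HTTP response head."""
    names = []
    lines = raw_head.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:        # skip the status line
        if not line:              # blank line ends the header block
            break
        if line[0] in " \t":      # folded continuation line, not a new header
            continue
        name, sep, _ = line.partition(":")
        if sep:
            names.append(name.strip())
    return names


def audit(raw_head, allowed=ALLOWED_X_HEADERS):
    """List headers that should have been stripped and x- headers correctly kept."""
    leaked, kept = [], []
    for name in parse_header_names(raw_head):
        low = name.lower()        # header names are case-insensitive
        if low == "server":
            leaked.append(name)
        elif low.startswith("x-"):
            (kept if low in allowed else leaked).append(name)
    return {"leaked": leaked, "kept": kept}


# Constructed sample: a backend response before the iRule is applied.
SAMPLE_UNFILTERED = (
    "HTTP/1.1 200 OK\r\nServer: ExampleServer\r\nX-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 0.0\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n"
    "x-content-type-options: nosniff\r\nContent-Type: text/html\r\n\r\n"
    "X-Body: this line is body text, not a header"
)
# Constructed sample: the same response as the client should see it afterwards.
SAMPLE_FILTERED = (
    "HTTP/1.1 200 OK\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n"
    "x-content-type-options: nosniff\r\nContent-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_UNFILTERED))
    print(audit(SAMPLE_FILTERED))
```

An empty `leaked` list for responses captured on the client side of the virtual server indicates the rule and data group are doing what was asked.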