StephenGonsalv1
Sep 12, 2017 Nimbostratus
iRule creation for HTTP headers using data groups
Hi All
Need your help to create an iRule to permit the following HTTP headers and drop all other (x-) headers. Need to work this through by creating a data group for the below headers so that we don't have to disturb the iRule every time. Your speedy response would be appreciated.

X-XSS-Protection
X-Content-Type-Options
x-frame-options
=====================================================
    when HTTP_RESPONSE {
        # Remove all instances of the Server header
        HTTP::header remove Server

        # Remove all headers starting with x- (i.e. X-Powered-By, X-AspNet-Version, X-AspNetMvc-Version)
        foreach header_name [HTTP::header names] {
            if {[string match -nocase x-* $header_name]} {
                # This header needs to be allowed to mitigate clickjacking
                if {[string match -nocase x-frame-options $header_name]} {
                    continue
                }
                HTTP::header remove $header_name
            }
        }
    }
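
One way to do what the post asks, as an added example that is not part of the original post: the allow-list moves into a data group so the iRule itself never changes. It assumes a string-type data group with the hypothetical name `allowed_x_headers`, whose keys are the permitted header names in lowercase (x-xss-protection, x-content-type-options, x-frame-options).

```tcl
# Added example. allowed_x_headers is an assumed (hypothetical) string data group
# holding the lowercase names of the x- headers that may be returned to clients.
when HTTP_RESPONSE {
    # Remove all instances of the Server header
    HTTP::header remove Server

    foreach header_name [HTTP::header names] {
        # Only headers starting with x- are candidates for removal
        if {![string match -nocase "x-*" $header_name]} {
            continue
        }
        # Data group lookups are case-sensitive, so normalise the name first.
        # Keep the header when it is listed in the data group.
        if {[class match -- [string tolower $header_name] equals allowed_x_headers]} {
            continue
        }
        # Any other x- header (X-Powered-By, X-AspNet-Version, ...) is dropped
        HTTP::header remove $header_name
    }
}
```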