Need to implement HTTP security headers and Brute Force attack prevention features
I need help on two things.
1) Need to implement HTTP security headers for URL sub-directories (like https://google.com/photos). We already have iRules in place for the main URL but are unsure how to create them for sub-directories of a URL. I tried adding the iRule below, but I get a "secure connection failed, PR_CONNECT_RESET_ERROR" error when accessing the URL.
    when HTTP_REQUEST {
        if { ( [string tolower [HTTP::host]] eq "abc.xyz.com" ) and ( [string tolower [HTTP::uri]] eq "/cache_login/login.php" ) } then {
            set insert_csp 1
        } else {
            set insert_csp 0
        }
    }
    when HTTP_RESPONSE {
        if { $insert_csp } then {
            HTTP::header insert "Content-Security-Policy" "script-src 'self'"
        }
    }
2) Need Brute Force Attack Prevention. I know this feature is available in ASM, but when I followed the steps of the video "ASM Demo 28 - Block Brute Force Attacks Targeting a Single Username", I don't see it working for the external web apps. It doesn't block when we try to enter the same username with different passwords more than 5 times or so.
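
For the sub-directory matching asked about in item 1, the iRule below scopes response headers to everything under a path prefix instead of one exact URI. It is an added example, not code from the original post; it assumes the whole `/cache_login` tree should be covered, and the two extra headers and their values are illustrative choices that the post does not specify.

```tcl
# Added example. Host name and path prefix are taken from the post;
# covering the whole /cache_login tree is an assumption.
when HTTP_REQUEST {
    # Reset on every request so HTTP_RESPONSE always finds the flag set.
    set insert_sec_headers 0

    # Strip an optional ":port" from the Host header before comparing.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # HTTP::path excludes the query string, unlike HTTP::uri, so
    # "/cache_login/login.php?next=/home" is still matched.
    set path [string tolower [HTTP::path]]

    if { $host eq "abc.xyz.com" } {
        switch -glob -- $path {
            "/cache_login" -
            "/cache_login/*" {
                # The directory itself and anything beneath it.
                set insert_sec_headers 1
            }
        }
    }
}

when HTTP_RESPONSE {
    if { $insert_sec_headers } {
        # "replace" overwrites a header the backend already sent and
        # inserts it when absent, so the client never sees duplicates.
        HTTP::header replace "Content-Security-Policy" "script-src 'self'"
        # Illustrative additional headers (assumed, not from the post).
        HTTP::header replace "X-Content-Type-Options" "nosniff"
        HTTP::header replace "X-Frame-Options" "SAMEORIGIN"
    }
}
```

The HTTP events only fire when the virtual server has an HTTP profile attached, and on an HTTPS virtual server a client SSL profile is needed for the traffic to be decrypted before the iRule sees it.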