CirrocumulusiRule for multiple actions on a single HTTP Response
I'm trying to build a single iRule to possibly perform multiple actions on HTTP responses. The purpose of the iRule is to inspect the HTTP headers in all responses and insert all missing security headers before sending traffic back to the client.
My concern is that by using 'if' and 'elseif' only the first matching condition will be performed.
The intention is the following:
Check if header 1 is missing on the response to the client, and if it is, insert it
Then check if header 2 is missing, and if it is, insert it as well
Then check if header 3 is missing, and if it is, insert it as well
and so on until the last header check, and then finally sent the response to the client with all the missing headers added to it.
Is this possible in a single iRule? Or is it only possible by doing each check and action on separate iRules and then adding all of them to the virtual servers?
This is the initial draft for the iRule:
when HTTP_RESPONSE {
if { !([ HTTP::header exists "X-Frame-Options" ])} { HTTP::header insert "X-Frame-Options" "SAMEORIGIN" }
elseif { !([ HTTP::header exists "X-XSS-Protection" ])} { HTTP::header insert "X-XSS-Protection" "1; mode=block" }
elseif { !([ HTTP::header exists "X-Content-Type-Options" ])} { HTTP::header insert "X-Content-Type-Options" "'nosniff'" }
elseif { !([ HTTP::header exists "Strict-Transport-Security" ])} { HTTP::header insert "Strict-Transport-Security" "max-age=16070400; includeSubDomains" }
}
