Roflcopter
Feb 12, 2018Nimbostratus
Content-Security-Policy
I am trying to construct and iRule that will put a variable into a HTTP Header.
The requirements are -
- When a client connects set their HTTP:host as a variable for later use
- Check that the HTTP:host matches from a list defined in a datagroup
- If it does match then response to the client with "X-Content-Security-Policy" "frame-ancestors 'self' '$host'" and "X-Content-Security-Policy" "frame-scr 'self' '$host'"
- If there is no match then respond with HTTP::header insert "X-Content-Security-Policy" "frame-ancestors 'self'" and "HTTP::header insert "X-Content-Security-Policy" "frame-scr 'self'"
I am having trouble piecing it all together into a single rule, I can get by with basic coding but I am pretty limited when it comes to putting multiple steps together like the above.
So far I have the below which isn't going to work, can someone here provide some assistance?
When HTTP_REQUEST {
Set host [HTTP::host]
if { [class match [HTTP::header "Host"] contains host_lookup_table] } {
log.local0 URI=$host
When HTTP_RESPONSE {
if {![HTTP::header exists "Content-Security-Policy"] } {
HTTP::header insert "Content-Security-Policy" "frame-ancestors 'self' $host"
HTTP::header insert "Content-Security-Policy" "frame-scr 'self' '$host'"
}
if {![HTTP::header exists "X-Content-Security-Policy"] } {
HTTP::header insert "X-Content-Security-Policy" "frame-ancestors 'self' '$host'"
HTTP::header insert "X-Content-Security-Policy" "frame-scr 'self' '$host'"
}
}
else
When HTTP_RESPONSE {
if {![HTTP::header exists "Content-Security-Policy"] } {
HTTP::header insert "Content-Security-Policy" "frame-ancestors 'self'"
HTTP::header insert "Content-Security-Policy" "frame-scr 'self'"
}
if {![HTTP::header exists "X-Content-Security-Policy"] } {
HTTP::header insert "X-Content-Security-Policy" "frame-ancestors 'self'"
HTTP::header insert "X-Content-Security-Policy" "frame-scr 'self'"
}
}