@PFortin93
Created June 25, 2018 14:45
Sets X-XSS-PROTECTION header for given array of domains via F5 LTM iRule
# X-XSS-Protection iRule
# By: Pierce Fortin ([email protected])
# Checks the domain being requested on HTTP_REQUEST and sets a flag for response rewrite on a match.
# On a match, checks the response for an existing X-XSS-Protection header:
#   - if it does not exist, the header is inserted
#   - if it exists, its value is replaced
# v1.0 6/19/2018 Initial write
when RULE_INIT {
    # Set to 1 to enable debug logging to local0
    set static::xssprotectionDebugOn 0
}
when CLIENT_ACCEPTED {
    # Per-connection prefix for all log lines written by this iRule
    set logPrefix "[IP::client_addr]:[TCP::client_port]:xssprotection:\[HTTPS\]:\t"
    if { $static::xssprotectionDebugOn } { log local0. "$logPrefix: Client accepted" }
}
when HTTP_REQUEST {
    if { $static::xssprotectionDebugOn } { log local0. "$logPrefix: ### Begin processing Incoming" }
    set isxssprotectionDomain 0
    # Domains that should receive the header.
    # A plain Tcl list is used here: "array set" expects key/value pairs.
    set xssprotectionDomains {
        "domain.com"
        "domain2.com"
    }
    foreach domain $xssprotectionDomains {
        if { $static::xssprotectionDebugOn } { log local0. "$logPrefix: Checking [HTTP::host] against $domain" }
        # Case-insensitive comparison of the Host header against each listed domain
        if { [string tolower [HTTP::host]] eq [string tolower $domain] } {
            if { $static::xssprotectionDebugOn } { log local0. "$logPrefix: Current request is an xssprotection domain. Processing" }
            set isxssprotectionDomain 1
            # First match is enough; stop checking the remaining domains
            break
        }
    }
}
when HTTP_RESPONSE {
    if { $static::xssprotectionDebugOn } { log local0. "$logPrefix: Processing Response" }
    if { $isxssprotectionDomain eq 1 } {
        if { $static::xssprotectionDebugOn } { log local0. "$logPrefix: Current request is an xssprotection domain. Inserting xssprotection" }
        if { ![HTTP::header exists "X-XSS-Protection"] } {
            if { $static::xssprotectionDebugOn } { log local0. "$logPrefix: Could not find existing X-XSS-Protection header. Inserting" }
            HTTP::header insert "X-XSS-Protection" "1"
        } else {
            if { $static::xssprotectionDebugOn } { log local0. "$logPrefix: Found existing X-XSS-Protection header, Replacing" }
            HTTP::header replace "X-XSS-Protection" "1"
        }
    }
}