Create a CSP (Content-Security-Policy) rule for security purposes.

Information

 

Summary:

The end user (EU) is negotiating with their IT insurance provider, who has asked for a CSP (Content-Security-Policy) rule to be put in place.

Environment:

Product: LoadMaster

Version: Any

Platform: Any 

Application: Any

Question/Problem Description:

The end user would like to add Content-Security-Policy headers for Exchange 2016 for /owa.
 

Cause:

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.

Resolution:

You can create a CSP rule to mitigate potentially malicious requests. One example would be an "Add Header" rule:

  • Header Field to be Added: Content-Security-Policy
  • Value of Header Field to be Added: default-src https: 'unsafe-inline'; object-src 'none'; script-src 'self'

Once the rule has been created, you can apply it to the desired Virtual Service (VS):

Advanced Properties > HTTP Header Modifications > Response Rules > Add Rule.
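
To see what this header value actually enforces, the following added example (not from the original article or from Kemp; the function names are hypothetical) parses it and applies CSP's default-src fallback rule. It shows that the explicit script-src 'self' replaces default-src for scripts, so inline scripts are blocked while inline styles remain allowed.

```python
# Added example (not Kemp code): resolve what the article's CSP value permits.
POLICY = "default-src https: 'unsafe-inline'; object-src 'none'; script-src 'self'"

# Fetch directives that fall back directly to default-src when absent (subset).
FALLBACK_TO_DEFAULT = ("script-src", "style-src", "img-src", "font-src",
                       "connect-src", "media-src", "object-src")


def parse_csp(header_value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # tolerate empty segments such as a trailing ';'
        # Directive names are case-insensitive; a repeated directive is ignored.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy, directive):
    """Source list the browser enforces; None means no restriction applies."""
    if directive in policy:
        return policy[directive]  # an explicit directive replaces default-src
    return policy.get("default-src")


def allows_inline(policy, directive):
    """True if inline content (script or style) of this type is permitted."""
    sources = effective_sources(policy, directive)
    if sources is None:
        return True
    lowered = [s.lower() for s in sources]
    # A nonce or hash source makes browsers ignore 'unsafe-inline'.
    if any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered):
        return False
    return "'unsafe-inline'" in lowered


def summarize(header_value):
    """Map each fetch directive to (effective sources, inline allowed?)."""
    policy = parse_csp(header_value)
    return {d: (effective_sources(policy, d), allows_inline(policy, d))
            for d in FALLBACK_TO_DEFAULT}


if __name__ == "__main__":
    for name, (sources, inline) in summarize(POLICY).items():
        print(f"{name:12} {' '.join(sources):28} inline={'yes' if inline else 'no'}")
```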
