Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Create a CSP (Content-Security-Policy) rule

 

Information

 

Summary:

How to create a content security policy rule on the LoadMaster

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

LoadMaster administrator would like to add Content-Security-Policy headers for Exchange traffic.

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks

These attacks are used for data theft, site defacement, and malware distribution.
Resolution:

Create a CSP rule to mitigate potential malicious requests:

One example would be an "Add Header" rule. 

    mceclip0.png

  • Header Field to be Added: Content-Security-Policy
  • Value of Header Field to be Added: img-src 'self' data: script-src 'self':

       Once the rule has been created, apply it to the desired VS.

       Advanced Properties > HTTP Header Modifications > Response Rules > Add Rule.

Workaround:  
Notes:  

Was this article helpful?
0 out of 0 found this helpful

Comments