Create a CSP (Content-Security-Policy) rule

 

Information

 

Summary:

How to create a content security policy rule on the LoadMaster

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

A LoadMaster administrator would like to add Content-Security-Policy headers for Exchange traffic.

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for data theft, site defacement, and malware distribution.
Resolution:

Create a CSP rule to mitigate potential malicious requests.

One example would be an "Add Header" rule:

  • Header Field to be Added: Content-Security-Policy
  • Value of Header Field to be Added: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';

Once the rule has been created, apply it to the desired Virtual Service (VS) under Advanced Properties > HTTP Header Modifications > Response Rules > Add Rule.
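
As an added example (not Kemp code and not part of the original article), the following Python resolves what the header value above enforces per resource type by applying the CSP fallback rules, so the policy can be reviewed before the rule is applied to a VS. The function names and the WEAK_POLICY sample are constructed for illustration.

```python
# Added example, not Kemp code: resolve what a CSP header value permits.
PAGE_POLICY = ("default-src 'none'; script-src 'self'; connect-src 'self'; "
               "img-src 'self'; style-src 'self';base-uri 'self';form-action 'self';")
WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline'"  # constructed sample

# Fetch directives and the extra directives consulted before default-src.
FALLBACKS = {
    "script-src": (), "style-src": (), "img-src": (), "connect-src": (),
    "font-src": (), "media-src": (), "object-src": (),
    "frame-src": ("child-src",),
    "worker-src": ("child-src", "script-src"),
}
# These directives never inherit from default-src; if absent, nothing is enforced.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")
RISKY = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:"}

def parse_csp(value):
    """Split a header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def effective(policy):
    """Return the source list enforced per directive; None means unrestricted."""
    result = {}
    for name, extra in FALLBACKS.items():
        chain = (name, *extra, "default-src")
        result[name] = next((policy[d] for d in chain if d in policy), None)
    for name in NO_FALLBACK:
        result[name] = policy.get(name)
    return result

def findings(value):
    """List directives that are unrestricted or contain a risky source."""
    out = []
    for name, sources in effective(parse_csp(value)).items():
        if sources is None:
            out.append(f"{name}: unrestricted (directive missing)")
        else:
            out += [f"{name}: risky source {s}" for s in sources if s.lower() in RISKY]
    return out

if __name__ == "__main__":
    for label, value in (("page", PAGE_POLICY), ("weak", WEAK_POLICY)):
        print(label, findings(value) or "no findings")
```

For the article's value the only finding is frame-ancestors, which does not inherit from default-src, so this header places no restriction on which sites may frame the responses.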

Workaround:  
Notes: CSP-Evaluator
