Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

Create a CSP (Content-Security-Policy) rule for for Exchange.

Updated

 

Information

 

Summary:

End-User is negotiating with their IT insurance provider and they have asked us to put in a CSP (content security policy) rule for the exchange server.
Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any
Question/Problem Description:

End-User would like to add Content-Security-Policy headers for Exchange 2016.
Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks

These attacks are used for data theft, site defacement, and malware distribution.
Resolution:

You can create a CSP rule to mitigate potential malicious requests:

One example would be an "Add Header" rule. 

    mceclip0.png

  • Header Field to be Added: Content-Security-Policy
  • Value of Header Field to be Added: img-src 'self' data: script-src 'self':

       Once the rule has been created you can apply it to the desired VS.

       Advanced Properties > HTTP Header Modifications > Response Rules > Add Rule.
Workaround:  
Notes:  

Comments

In this document