Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Create a CSP (Content-Security-Policy) rule for for Exchange.

 

Information

 

Summary:

End-User is negotiating with their IT insurance provider and they have asked us to put in a CSP (content security policy) rule for the exchange server.

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

End-User would like to add Content-Security-Policy headers for Exchange 2016.

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks

These attacks are used for data theft, site defacement, and malware distribution.
Resolution:

You can create a CSP rule to mitigate potential malicious requests:

One example would be an "Add Header" rule. 

    mceclip0.png

  • Header Field to be Added: Content-Security-Policy
  • Value of Header Field to be Added: img-src 'self' data: script-src 'self':

       Once the rule has been created you can apply it to the desired VS.

       Advanced Properties > HTTP Header Modifications > Response Rules > Add Rule.

Workaround:  
Notes:  

Was this article helpful?
0 out of 0 found this helpful

Comments