@keburak
Created September 17, 2020 13:59
NetScaler Strict-Transport-Security, X-Frame-Options, X-Xss-Protection, CORS policy
------------------------------------------------------------------------------------------------------
# add X-Frame-Options header (each rewrite policy below still has to be bound globally or to a vserver to take effect)
add rewrite action act_insert_XFrame_header insert_http_header X-Frame-Options "\"SAMEORIGIN\""
add rewrite policy pol_enforce_XFrame TRUE act_insert_XFrame_header
------------------------------------------------------------------------------------------------------
# add HSTS header
add rewrite action act_insert_HSTS_header insert_http_header Strict-Transport-Security "\"max-age=157680000; includeSubDomains; preload\""
add rewrite policy pol_enforce_HSTS TRUE act_insert_HSTS_header
------------------------------------------------------------------------------------------------------
# add X-Xss-Protection header
add rewrite action act_insert_XSS_header insert_http_header X-Xss-Protection "\"1; mode=block\""
add rewrite policy pol_enforce_XSS TRUE act_insert_XSS_header
------------------------------------------------------------------------------------------------------
# Cross-Origin Resource Sharing: one patset bind per allowed origin pattern (.domain.com is a placeholder);
# requests whose Origin hostname matches none of the patterns get the 401 responder action
add policy patset CORS_origins_allowed
bind policy patset CORS_origins_allowed .domain.com -index 1
bind policy patset CORS_origins_allowed .domain.com -index 2
add responder action CORS_deny_response respondwith q{"HTTP/1.0 401 Unauthorized CORS\r\n\r\n"} -bypassSafetyCheck YES
add responder policy CORS_origin_denied "HTTP.REQ.HEADER(\"Origin\").EXISTS&&HTTP.REQ.HEADER(\"Origin\").TYPECAST_HTTP_URL_T.HOSTNAME.CONTAINS_ANY(\"CORS_origins_allowed\").NOT" CORS_deny_response
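As an added example that is not part of the gist, the Python below models what the commands above do: a check that a response carries the three header values the rewrite actions insert, and the decision logic of the CORS responder policy. It assumes NetScaler's CONTAINS_ANY is a plain substring match, reuses the gist's `.domain.com` placeholder, and adds a `strict` suffix-match variant for comparison; request and response headers are constructed inline.

```python
from urllib.parse import urlsplit

# Values the gist's three rewrite actions insert on every response (policy expression TRUE).
EXPECTED_HEADERS = {
    "x-frame-options": "SAMEORIGIN",
    "strict-transport-security": "max-age=157680000; includeSubDomains; preload",
    "x-xss-protection": "1; mode=block",
}

# Patterns bound to the CORS_origins_allowed patset; ".domain.com" is the gist's placeholder.
CORS_ORIGINS_ALLOWED = [".domain.com"]


def missing_headers(response_headers: dict) -> list:
    """Expected header names that are absent or carry a different value (names compared case-insensitively).
    Run it against a real response once the rewrite policies are bound."""
    got = {k.lower(): v.strip() for k, v in response_headers.items()}
    return [name for name, want in EXPECTED_HEADERS.items() if got.get(name) != want]


def hsts_max_age(response_headers: dict) -> int:
    """max-age directive of Strict-Transport-Security, or -1 when the header is absent or malformed."""
    got = {k.lower(): v for k, v in response_headers.items()}
    for directive in got.get("strict-transport-security", "").split(";"):
        key, _, value = directive.strip().partition("=")
        if key.lower() == "max-age" and value.isdigit():
            return int(value)
    return -1


def cors_denied(request_headers: dict, patset=CORS_ORIGINS_ALLOWED, strict=False) -> bool:
    """Decision of the CORS_origin_denied responder policy for one request:
    HEADER("Origin").EXISTS && HOSTNAME.CONTAINS_ANY(patset).NOT, with CONTAINS_ANY
    modelled as a substring test (assumption). strict=True instead requires the hostname
    to be the pattern's domain itself or a subdomain of it, which is what most operators intend."""
    origin = request_headers.get("Origin")
    if origin is None:
        return False  # EXISTS is false, so the responder policy never fires
    host = (urlsplit(origin).hostname or "").lower()  # TYPECAST_HTTP_URL_T.HOSTNAME
    if strict:
        allowed = any(host == p.lstrip(".") or host.endswith(p) for p in patset)
    else:
        allowed = any(p in host for p in patset)
    return not allowed
```

Note that with the gist's leading-dot pattern the apex `domain.com` itself is only accepted by the strict variant, and that a substring match also accepts hostnames that merely contain `.domain.com` somewhere inside them.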