Posted

I recently ran a check at https://securityheaders.com/ against an Access Gateway. The following information pops up on the result page:

I tried to add these headers with a rewrite policy, but the page seems to ignore it. I can see it in Chrome developer tools?! So I assume Citrix must rename it in the firmware, right? I am running 14.1-34.42 on my testing VPX here.

 

Posted

Hi Jens,

here's one of my NSGWs running on 14.1 34.42

 

Here's the CLI for Permissions-Policy (replace gateway.customer.com with your NSGW FQDN), plus the deletion of Feature-Policy:

add rewrite action rw_act_delete_FeaturePolicy delete_http_header Feature-Policy 
add rewrite action rw_act_insert_Permissions_Policy insert_http_header Permissions-Policy "\"vibrate=(self), sync-xhr=(self \'https://gateway.customer.com\')\""
add rewrite policy rw_pol_remove_FeaturePolicy "HTTP.RES.HEADER(\"Feature-Policy\").EXISTS" rw_act_delete_FeaturePolicy
add rewrite policy rw_pol_insert_Permissions_Policy "HTTP.RES.HEADER(\"Permissions-Policy\").EXISTS.NOT" rw_act_insert_Permissions_Policy

See some details here https://www.julianjakob.com/citrix-adc-latest-insights-about-security-headers/ 

 

Hope this helps

Regards

Julian
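
One way to confirm from a captured response head that the rewrite policies above took effect, as an added example that is not part of the original posts: it checks that Feature-Policy is gone, that Permissions-Policy is present, and that every allowlist member is valid structured-field syntax (`*`, `self` or a double-quoted origin; single-quoted origins are Feature-Policy syntax). The sample responses are constructed and the directive grammar is simplified.

```python
import re

# Constructed response heads (not captured from a real gateway).
HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "no rewrite": HEAD + "Feature-Policy: vibrate 'self'\r\n\r\n",
    "single-quoted origin": HEAD + "Permissions-Policy: vibrate=(self), "
        "sync-xhr=(self 'https://gateway.customer.com')\r\n\r\n",
    "double-quoted origin": HEAD + "Permissions-Policy: vibrate=(self), "
        'sync-xhr=(self "https://gateway.customer.com")\r\n\r\n',
}

# Simplified grammar: feature=(members), feature=* or feature=self.
DIRECTIVE = re.compile(r'^([a-z][a-z0-9-]*)=(\*|self|\((.*)\))$')
# Allowlist members: *, self, or a double-quoted origin string.
MEMBER = re.compile(r'^(\*|self|"[^"]*")$')

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip status line
    return [(n.strip().lower(), v.strip())
            for n, v in (l.split(":", 1) for l in lines if ":" in l)]

def check(raw):
    """Return a list of findings; an empty list means the head looks right."""
    findings = []
    hdrs = parse_headers(raw)
    if any(n == "feature-policy" for n, _ in hdrs):
        findings.append("Feature-Policy still present")
    policies = [v for n, v in hdrs if n == "permissions-policy"]
    if not policies:
        findings.append("Permissions-Policy missing")
    for value in policies:
        for directive in (d.strip() for d in value.split(",")):
            m = DIRECTIVE.match(directive)
            if not m:
                findings.append(f"unparseable directive: {directive}")
                continue
            for member in (m.group(3) or "").split():
                if not MEMBER.match(member):
                    findings.append(
                        f"{m.group(1)}: invalid allowlist member {member}")
    return findings

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", check(raw) or "ok")
```

Feed it the raw head of each response you care about (for example the output of `curl -sI` for every hop of a redirect chain), since a scanner may grade a different response than the one open in the browser.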
