question

dionizioferreira-5701 avatar image
0 Votes"
dionizioferreira-5701 asked RaviVarmanMSFT-5919 answered

Configure Header in Azure CDN

Hello,
In my company we publish our platform using Azure CDN, and for meet some security necessity i need to configure some header in production and staging.
I start in Staging configuration.
- In the endpoint i clicked in Advanced Features

  • Manage

  • In HTTP Large, i clicked in Rules Engine V 4.0

  • Clone the current Rule and add
    I try creating in 2 different ways
    First Try

  1. Match > General > Always

  2. Feature > Headers > Modify Client Response Header > Append > X-Frame-Options > SAMEORIGIN

  3. Feature > Headers > Modify Client Response Header > Append > trict-Transport-Security > max-age=31536000; includeSubDomains; preload


Second Try
1. Match > Edge CNAME > platform url

  1. Feature > Headers > Modify Client Response Header > Append > X-XSS-Protection > 1;mode=block


In both try i Deploy the Rule.
I tested different header to check if the header was the problem, but didn't work in any scenarios. Actually i make a lot more trys, change like double quotes, the values and other things.
I thought about cache (but i didn't think it was related) but i don't have cache enabled.
To check the header i used 2 different tools
- curl -h <URL>

Anyone have any ideas why its not working?

azure-cdn
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

RaviVarmanMSFT-5919 avatar image
0 Votes"
RaviVarmanMSFT-5919 answered

Hi @dionizioferreira-5701

Apologize for delay in response.

Can you set the action type as Overwrite instead of Append, this sets the response header.

Ex:

Match > General > Always

Feature > Headers > Modify Client Response Header > Overwrite > X-Frame-Options > SAMEORIGIN


Hope this was helpful. Please let us know in case of any additional questions or concerns.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.