gdoyle
Oct 29, 2018Cirrostratus
APM Returning "Big IP" in Server field, but need to hide that information.
I have one of my customers running through APM for some SAML authentication. One of their concerns is that when inspecting some headers the Server field is populated with "Big IP", while the customer would prefer another layer of security through obfuscation.
It appears that the "Server: Big IP" field is being populated after the 302 redirect from APM when /my.policy is served.
Is it possible to hide this field?
Due to it being in APM I believe I will need this statement:
when CLIENT_ACCEPTED {
to get access to restricted URIs
ACCESS::restrict_irule_events disable
}
However, in the irule, is there a way to tell the BigIP to return a different, or no, value in the Server field?
Is there a way to do it in the HTTP profile maybe?
Thanks.