ASM configurations advise

Without seeing the client request, the request from the F5, and the response from the server, I can only suggest you add the missing header to the allowed headers, and see if that clears it up.

Where I can add the header? I cannot see in Security tab

It would be helpful to see the request as it is processed by ASM. Go to the policy settings for your virtual server and enable Log Profile. Then select Log All Requests. After running some traffic, you can go to the Event Log and determine if the header is there or not...

In Security Event Logs, I can only see the requests processed by ASM. I cannot see the requests without ASM. correct?

F5 removed the server header (Server: ABC). I added it in HTTP Headers as the Custom Header and Mandatory, but still not working.

Try creating a custom HTTP profile (use http as the parent profile) and add Server:ABC to the Response Headers Allowed field. BIG-IP is stripping the server header before ASM processes the request.

I just tried, The character ':' is not allowed for Server:ABC. I added Server to the Response Headers Allowed, but still cannot see the Server header in the response.

I did try added the iRule from the article https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10089.html, but it added Xerver: ABC. I changed to Server instead but failed working.

when HTTP_RESPONSE { if { [HTTP::header exists "Server"] } { HTTP::header insert Xerver [HTTP::header value "Server"] } }

Silly question probably, but did you apply the new HTTP profile to VS? Here's another iRule that seems to address the same problem:

https://support.f5.com/kb/en-us/solutions/public/14000/300/sol14342.html

I did that, it just cannot see, I have confirmed added in virtual server.

when HTTP_RESPONSE { HTTP::header insert Server "ABC" }