Forum Discussion

mo_ibrahim_3636

Nimbostratus

Jun 07, 2018

ASM detection

how do i prevent to detect the web server operating system and platform ?

1 Reply

youssef1

Cumulonimbus

Jun 07, 2018

Hi,

you can use an irule to remove unwanted header:

when HTTP_RESPONSE { 

    Remove all instances of the Server header 
   HTTP::header remove Server 

    Remove all headers starting with x- 
   foreach header_name [HTTP::header names] { 

      if {[string match -nocase x-* $header_name]}{ 

         HTTP::header remove $header_name 
      }
   }
}

In all case you will need to know what's header you want to remove, Once you know what it is they're looking for you could then obfuscate those header or removes it as above...

Regards

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM detection

1 Reply

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

Migrate partitions 2600i to 2600r

CPU/vCPU sizing on rseries

R series - Host and Tenants IP in the same subnet

Errors with AS3 3.56.0 with F5 17.5.1.6

where to download older F5 OS versions

Related Content

LLM Prompt Injection Detection & Enforcement

WS-Shield: WebSocket Abuse Detection & Adaptive Enforcement Gateway

F5 Distributed Cloud JA4 detection for enhanced performance and detection

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS