Forum Discussion

Jim_24689's avatar
Jim_24689
Icon for Nimbostratus rankNimbostratus
Aug 16, 2013

Conceal Apache version using an iRule

Hello I've been knocking myself out trying to figure out way to conceal what version of Apache we are running. I know that the information is passed back to the client via an HTTP Response. I can't figure out how to access and alter that information. Many thanks in advance.

 

application delivery
BIG-IP Access Policy Manager (APM)
devops
iRules
security

2 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Aug 16, 2013

    Try this:

    when HTTP_RESPONSE {
   if { [HTTP::header exists Server] } {
       HTTP::header replace Server "none-of-your-business"
   }
}

    You can also sanitize and remove headers via the HTTP profile.

  • BinaryCanary_19's avatar
    BinaryCanary_19
    Historic F5 Account
    Aug 18, 2013

    You can just Just configure your servers to not send too much details, instead of introducing additional processing work on the LTM...

     

    http://httpd.apache.org/docs/2.2/mod/core.htmlservertokens