Hi,
F5 WebUI access (Configuration utility) is managed by the httpd daemon.
In httpd.conf (/config/httpd/conf/httpd.conf), the parameters ServerSignature (Off) and ServerTokens (Prod) only hide the Apache version; they do not support removing the Apache header.
You cannot delete the HTTP header without installing mod_security and adding the SecServerSignature instruction in httpd.conf.
It's not recommended to perform such an operation on F5 BIG-IP. A better solution would be to strengthen the security of the httpd daemon to make it more secure (disable the HTTP Option method and change the SSL protocols allowed by the Configuration utility).
REF:
- K74566933: How to disable HTTP Option method in global level
- K02321234: Managing the SSL protocols and ciphers allowed by Configuration utility
Regards
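As an added example (not part of the reply above and not F5's own tooling), the following Python sketch audits Apache-style configuration text for the three settings the reply mentions: ServerTokens, ServerSignature and the allowed SSL protocols. The sample configurations are constructed, and the expansion of `all`, the default used when SSLProtocol is absent, and the list of legacy protocols are assumptions stated in the comments.

```python
# Added example: audit Apache-style config text for header disclosure and legacy TLS.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # assumed expansion of "all"
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}            # deprecated protocol versions
CANON = {p.lower(): p for p in ALL | LEGACY}               # protocol names are case-insensitive

def directives(conf_text):
    """Return {lowercased directive: argument string}; the last occurrence wins."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#<":      # skip comments and section tags
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def effective_protocols(value):
    """Evaluate an SSLProtocol value: '+x' adds, '-x' removes, bare 'x' replaces the set."""
    enabled = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        members = set(ALL) if name.lower() == "all" else {CANON.get(name.lower(), name)}
        if sign == "-":
            enabled -= members
        elif sign == "+":
            enabled |= members
        else:
            enabled = members
    return enabled

def audit(conf_text):
    """Return a list of findings; an empty list means all three checks passed."""
    d, findings = directives(conf_text), []
    if d.get("servertokens", "Full").lower() != "prod":
        findings.append("ServerTokens is not Prod: Server header discloses version details")
    if d.get("serversignature", "Off").lower() != "off":
        findings.append("ServerSignature is not Off: error pages carry a server footer")
    # Assumption: a missing SSLProtocol is treated as "all" (the conservative reading).
    legacy = effective_protocols(d.get("sslprotocol", "all")) & LEGACY
    if legacy:
        findings.append("SSLProtocol still enables: " + ", ".join(sorted(legacy)))
    return findings

# Constructed sample configurations (not taken from a BIG-IP system).
WEAK = "ServerTokens OS\nServerSignature On\nSSLProtocol all -SSLv2 -SSLv3\n"
HARDENED = "ServerTokens Prod\nServerSignature Off\nSSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```

An empty result for the hardened sample does not mean the Server header is gone: as the reply states, ServerTokens Prod only hides the version, and the header itself is still sent.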