F5 configuration utility response server name as apache

Question

hi my security team sent a scan report that F5 configuration utility(management ip) response shows the server information as APACHE&nbsp;how to get resolve this ..

lidev · Answer

Hi,&nbsp;F5 WebUI access (configuration utility) is managed by the httpd daemon.in httpd.conf (/config/httpd/conf/httpd.conf) the parameters ServerSignature (Off) and ServerTokens (Prod) only hide apache version, and does not support apache header removal.You cannot delete HTTP Header without install mod_security and add SecServerSignature instruction in httpd.confit's not recommended to perform such an operation on F5-BIP, a better solution would be to strengthen the security of the httpd daemon to make it more secure (disable HTTP Option method and changed the SSL protocols allowed by Configuration utility)&nbsp;REF:K74566933: How to disable HTTP Option method in global levelK02321234: Managing the SSL protocols and ciphers allowed by Configuration utility&nbsp;Regards&nbsp;

Forum Discussion

F5 configuration utility response server name as apache

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Solution for delayed BIG-IP page load of the Configuration utility

configuration utility restarting (upgrade)

Introduction of Incident Response

BIG-IP Configuration utility vulnerability CVE-2023-38138

BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS