F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

ragunath154's avatar
ragunath154
Icon for Cirrostratus rankCirrostratus
Oct 02, 2020

F5 configuration utility response server name as apache

hi my security team sent a scan report that F5 configuration utility(management ip) response shows the server information as APACHE   how to get resolve this ..
application delivery
LTM
security
Lidev's avatar
Lidev
Icon for Nacreous rankNacreous
Oct 02, 2020

Hi,

 

F5 WebUI access (configuration utility) is managed by the httpd daemon.

in httpd.conf (/config/httpd/conf/httpd.conf) the parameters ServerSignature (Off) and ServerTokens (Prod) only hide apache version, and does not support apache header removal.

You cannot delete HTTP Header without install mod_security and add SecServerSignature instruction in httpd.conf

it's not recommended to perform such an operation on F5-BIP, a better solution would be to strengthen the security of the httpd daemon to make it more secure (disable HTTP Option method and changed the SSL protocols allowed by Configuration utility)

 

REF:

 

Regards