Forum Discussion
mrbongoco_64052
Nimbostratus
Apr 23, 2012
HTTP_Response Client side
Hi
I've been looking to write an iRule to strip out the HTTP::header for all "Server" types but have been unable to get this to work.
Essentially it works perfectly server side, but when a user initiates a connection to the VIP they get BIG-IP and Apache in the http::header server type:
This is a sample rule:
when HTTP_RESPONSE {
    clientside {
        if { [HTTP::header "Server"] contains "Apache" } {
            HTTP::header replace "Server" "testing"
        } elseif { [HTTP::header "Server"] contains "IIS" } {
            HTTP::header replace "Server" "testing"
        }
    }
}
The rule saves but it doesn't like the way I have forced it client side. I have done this as I believe the HTTP response is a server-side TCL command only.
I'm wondering if I should be doing this another way but my iRule TCL is just not strong enough.
Thanks in advance for any pointers.
4 Replies
- Michael_Yates
Nimbostratus
Hi mrbongoco,
Take a look at the HTTP::header sanitize command.
Here is the DevCentral Wiki post on Server Resource Cloaking: Server Resource Cloaking.
The HTTP::header command with additional details is covered here: HTTP::header.
Hope this helps.
- John_Matlock_42
Nimbostratus
In addition to Michael's response, clientside in this context isn't required, as when you perform an action in the HTTP_RESPONSE you're modifying the packets as they're on their way back to the client. I dropped this iRule in my test environment and confirmed it worked.
when HTTP_RESPONSE {
    if { [HTTP::header "Server"] contains "Microsoft-IIS/7.0" } {
        HTTP::header replace "Server" "testing"
    }
}
John
- mrbongoco_64052
Nimbostratus
Hi
Firstly thank you for taking the time and interest in my post and also replying.
I certainly looked at both suggestions today and realised that maybe I wasn't that clear.
I essentially want to stop clients (client side) seeing any info about the F5 itself but specifically the server type in the HTTP header.
When a client connects to the VIP without the fully qualified URL they see the F5 landing page, thus exposing the F5 to any would-be attacker.
Hope this makes more sense.
Jon
- Bryce_Klimoski
Nimbostratus
Posted By mrbongoco on 04/23/2012 10:36 PM
Hi
Firstly thank you for taking the time and interest in my post and also replying.
I certainly looked at both suggestions today and realised that maybe I wasn't that clear.
I essentially want to stop clients (client side) seeing any info about the F5 itself but specifically the server type in the HTTP header.
When a client connects to the VIP without the fully qualified URL they see the F5 landing page, thus exposing the F5 to any would-be attacker.
Hope this makes more sense.
Jon
I have only ever seen the F5 insert the Big-IP server header into an HTTP response to the client when I call HTTP::redirect or HTTP::respond. With HTTP::redirect the server header is hardwired and the only way to bypass this is to use HTTP::respond to send out a 302 response code with a location header.
HTTP::respond 302 noserver Location "http://www.domain.org" Server "testing"
If you're using the F5 to serve up the initial landing page, you could do this.
HTTP::respond 200 content $content noserver Server "testing"
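An added example, not code from any poster in this thread: an iRule that combines the two cases discussed above, rewriting the Server header on pool-member responses in HTTP_RESPONSE and answering locally with HTTP::respond and noserver so the BIG-IP does not add its own. The host name www.domain.org in the Host check is an assumption, as is treating any other Host value as the request that would otherwise reach the landing page.

```tcl
# Added example; host name and redirect target are placeholders (assumptions).

when HTTP_REQUEST {
    # Requests that do not carry the expected Host header are answered by
    # the BIG-IP itself. HTTP::redirect would add "Server: BIG-IP", so the
    # 302 is built with HTTP::respond and "noserver" instead.
    if { [string tolower [HTTP::host]] ne "www.domain.org" } {
        HTTP::respond 302 noserver Location "http://www.domain.org" Server "testing"
        return
    }
}

when HTTP_RESPONSE {
    # Responses coming back from a pool member: overwrite whatever the
    # back end sent (Apache, IIS, ...) instead of matching product names,
    # so a new server type is not leaked by a missed string match.
    if { [HTTP::header exists "Server"] } {
        HTTP::header replace "Server" "testing"
    }
}
```

Checking the result means requesting the VIP from a client both with and without the expected Host header and inspecting the Server header in each response.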
