Forum Discussion

mrbongoco_64052's avatar
mrbongoco_64052
Icon for Nimbostratus rankNimbostratus
Apr 23, 2012

HTTP_Response Client side

Hi

Ive been looking to write and Irule to strip out the HTTP::Header for all "Server" types but have been unable to get this work.

Essentially it works perfectly server side, but when a user initiates a connection to the VIP they get BIG-IP and Apache in the http::header server type:

This is a sample rule:

when HTTP_RESPONSE {
clientside {
if { [HTTP::header "Server"] contains "Apache" } {
HTTP::header replace "Server" "testing"
} elseif {
[HTTP::header "Server"] contains "IIS"} {
HTTP::header replace "Server" "testing"
}
}
}

The rule saves but it doesnt like the way I have forced it client side, I have done this as I believe the http response is a server side TCL command only.

Im wondering if I should be doing this another way but my Irule TCL is just not strong enough.

Thanks in advance for any pointers.

application delivery
dev
devops
iRules
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Apr 23, 2012
    Hi mrbongoco,

     

     

    Take a look at the HTTP::header sanatize command.

     

     

    Here is an the DevCentral Wiki post on Server Resource Cloaking: Server Resource Cloaking.

     

     

    The HTTP::header command with additional details is covered here: HTTP::header.

     

     

    Hope this helps.
  • John_Matlock_42's avatar
    John_Matlock_42
    Icon for Nimbostratus rankNimbostratus
    Apr 23, 2012
    In addition to Michaels response, clientside in this context isn't required as when you perform an action in the HTTP_RESPONSE you're modifying the packets as they're on their way back to the client. I dropped this irule in my test environment and confirmed it worked. 

    when HTTP_RESPONSE {
if { [HTTP::header "Server"] contains "Microsoft-IIS/7.0" } {
HTTP::header replace "Server" "testing"
} 
}

    John
  • mrbongoco_64052's avatar
    mrbongoco_64052
    Icon for Nimbostratus rankNimbostratus
    Apr 24, 2012
    Hi

     

    Firstly thank you for taking the time and interest in my post and also replying.

     

    I certainly look at both suggestions today and realised that maybe I wasnt that clear.

     

    I essentially want to stop clients (client side) seeing any info about the F5 itself but specifically the server type in the http header.

     

    When a client connects to the vip without the fully qualified URL they see the f5 landing page thus exposing the F5 to any wouldbe attacker.

     

    Hope this makes more sense.

     

    Jon
  • Bryce_Klimoski's avatar
    Bryce_Klimoski
    Icon for Nimbostratus rankNimbostratus
    Apr 26, 2012
    Posted By mrbongoco on 04/23/2012 10:36 PM

     

    Hi

     

    Firstly thank you for taking the time and interest in my post and also replying.

     

    I certainly look at both suggestions today and realised that maybe I wasnt that clear.

     

    I essentially want to stop clients (client side) seeing any info about the F5 itself but specifically the server type in the http header.

     

    When a client connects to the vip without the fully qualified URL they see the f5 landing page thus exposing the F5 to any wouldbe attacker.

     

    Hope this makes more sense.

     

    Jon

     

    I have only ever seen the F5 insert the Big-IP server header into a http response to the client when I call HTTP::redirect or HTTP::respond.

     

     

    With HTTP::redirect the server header is hardwired and the only way to by-pass this is to use HTTP::respond to send out the a 302 response code with a location header.

     

     

     

    HTTP::respond 302 noserver Location "http://www.domain.org" Server "testing"

     

     

     

    If your using the F5 to server up the initial landing page, you could do this.

     

     

     

    HTTP::respond noserver Server "testing" content $content