Internal IP shown in http redirects
Hello. We have seen that with our configuration it is possible to gather the internal VIP address. This happens when the client sends a request with the host header empty, and the real server answers with a redirect. In this situation, the F5 (11.5.3) rewrites the location header with the VIP address (which is not the public IP address). I would like to avoid that. In normal use, all browsers will use a correct value in the host header, but it is possible to generate requests with an empty host header. The http profile is:
ltm profile http http_rewrite_matching {
    app-service none
    defaults-from http
    proxy-type reverse
    redirect-rewrite all
    server-agent-name none
}
ltm profile http http {
    accept-xff disabled
    app-service none
    basic-auth-realm none
    encrypt-cookies none
    enforcement {
        max-header-count 64
        max-header-size 32768
        max-requests 0
        pipeline allow
        truncated-redirects disabled
        unknown-method allow
    }
    fallback-host none
    fallback-status-codes none
    header-erase none
    header-insert none
    insert-xforwarded-for disabled
    lws-separator none
    lws-width 80
    oneconnect-transformations enabled
    proxy-type reverse
    redirect-rewrite none
    request-chunking preserve
    response-chunking selective
    response-headers-permitted none
    server-agent-name none
    sflow {
        poll-interval 0
        poll-interval-global yes
        sampling-rate 0
        sampling-rate-global yes
    }
    via-request preserve
    via-response preserve
    xff-alternative-names none
}
2 Replies
- Vijay_E
Cirrus
I am not sure if there is a way to prevent it in the response. You can drop any such request without an HTTP host header using an iRule.
Have you considered writing an iRule to solve the issue?
when HTTP_RESPONSE {
    if { [HTTP::is_redirect] } {
        HTTP::header replace Location [string map {"10.0.0.1" "1.1.1.1"} [HTTP::header Location]]
    }
}
/Patrik
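Added example (not part of the thread and not F5 code): a Python check to run over captured responses, before and after a fix such as the iRule above, to confirm whether a redirect still exposes a non-public address in its Location header. The sample responses are constructed, 10.0.0.1 and 1.1.1.1 are the placeholder addresses from the reply's iRule, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample responses (not captured from the poster's system).
SAMPLES = {
    "empty-host": b"HTTP/1.1 302 Found\r\nLocation: https://10.0.0.1/login\r\n\r\n",
    "rewritten": b"HTTP/1.1 302 Found\r\nLocation: https://1.1.1.1/login\r\n\r\n",
    "dns-name": b"HTTP/1.1 302 Found\r\nLocation: https://www.example.com/\r\n\r\n",
    "relative": b"HTTP/1.1 301 Moved Permanently\r\nlocation: /login\r\n\r\n",
    "not-redirect": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n10.0.0.1",
}


def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) for a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def leaked_address(raw):
    """Return the non-public IP literal in a redirect's Location, else None."""
    status, headers = parse_head(raw)
    if not 300 <= status < 400 or "location" not in headers:
        return None  # only redirects carry the rewritten Location header
    host = urlsplit(headers["location"]).hostname
    if host is None:
        return None  # relative redirect: no host component to leak
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name, not an IP literal
    # Private, loopback, link-local and similar ranges are all non-global.
    return None if addr.is_global else str(addr)


def audit(samples):
    """Map each sample name to the leaked address, keeping only the leaks."""
    found = {name: leaked_address(raw) for name, raw in samples.items()}
    return {name: addr for name, addr in found.items() if addr}


if __name__ == "__main__":
    for name, addr in audit(SAMPLES).items():
        print(f"{name}: Location exposes non-public address {addr}")
```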