For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Aug 25, 2016

iRule: Referer header not removed in HTTP request

In order to test a possible solution for a problem, I want to remove the Referer header for certain incoming requests. This is the irule I created and added to the impacted virtual server:

when HTTP_REQUEST { 
     if { ( [HTTP::uri] contains "abc") && ( [HTTP::header "Referer"] contains "def")} {
              log local0. [HTTP::header "Referer"]
              HTTP::header remove "Referer"
              log local0. [HTTP::header "Referer"]
     }
}

However, when I take a tcpdump on the SNAT address of the virtual server, I can still see the Referer header with content being sent to our webservers. The logs above do show the Referer content being erased

Version 11.5.4

application delivery

1 Reply

Vijay_E
Cirrus
Aug 25, 2016
Take the tcp dump on the server. Make sure that the right case (lower/upper) is utilized.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5