Forum Discussion
al_kabeer_2905
Nimbostratus
Mar 25, 2013
iRule to remove server banner from header reply
Hi,
I have 2 web servers, having a VIP; I want to remove the server name (server banner) from the response of F5.
Thanks
6 Replies
- What_Lies_Bene1
Cirrostratus
This should do it:
when HTTP_RESPONSE {
    HTTP::header remove Server
}
- Kevin_Stewart
Employee
If you know all of the headers that should be allowed, you can also configure this in the HTTP profile.
- Brian_Kenworthy
Nimbostratus
Hi Guys, I stumbled across this thread and wanted to ask if there was an easy way to remove the Server: BigIP from the response header. I am actually using an iRule, based on Server Resource Cloaking wiki (https://devcentral.f5.com/wiki/iRules.ServerResourceCloaking.ashx) but BigIP still returns the Server header even though it is not listed in the preserve list.
I also found this link about using the HTTP::Respond but I'm not sure how this would impact my application (https://devcentral.f5.com/wiki/iRules.http__respond.ashx)
Here is my iRule:
when RULE_INIT {
    # Create a list of the response headers to preserve. This needs to be tailored to the application!
    set static::headers_to_preserve [list \
        Accept-Range \
        Cache-Control \
        Content-Encoding \
        Content-Length \
        Content-Type \
        Etag \
        Last-Modified \
        Pragma \
        Set-Cookie \
        Location \
        Content-Disposition \
        Transfer-Encoding \
        Content-Security-Policy \
        Strict-Transport-Security \
        X-Content-Type-Options \
        X-Frame-Options \
        X-XSS-Protection \
        X-Content-Security-Policy \
    ]
    # Log debug messages to /var/log/ltm? 1=yes, 0=no.
    set static::clocking_debug 0
}
when HTTP_RESPONSE {
    # Remove all headers but those in the preserve list
    foreach aHeader [HTTP::header names] {
        # Tcl requires whitespace between the condition's closing brace and the body's opening brace
        if {not ([matchclass $static::headers_to_preserve equals $aHeader])} {
            if {$static::clocking_debug} {log local0. "Removing: $aHeader: [HTTP::header value $aHeader]"}
            HTTP::header remove $aHeader
        }
    }
}
Thanks in advance for your help!
- What_Lies_Bene1
Cirrostratus
I think the issue here is that the header you want to remove isn't a header generated by a real server, it's generated by the BIG-IP. Are you using the HTTP::respond command or something similar in another rule applied to the same VS?
- Brian_Kenworthy
Nimbostratus
Hi Steve, thanks for the reply. I am not using HTTP::respond in any other rules on the virtual server. I was wondering if I could add it to this rule? I am also thinking about just moving the allowed headers into an HTTP profile to eliminate this rule altogether. If I do that, could I use a simple HTTP::Respond rule to remove that BigIP header?
What I have observed is that this header appears when you just hit the URL via HTTP, since we have an iRule that redirects to HTTPS, so I think stripping the BigIP header really only needs to happen on the HTTP virtual server, would you agree with that? This all came about via Qualys vulnerability scans that we are doing...
- What_Lies_Bene1
Cirrostratus
Perhaps try switching the redirect with a HTTP::respond command:
HTTP::respond 301 Location https://[HTTP::host][HTTP::uri]
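A way to check the outcome discussed in this thread, added here as an example (it is not code from any of the posters or from F5): it parses captured raw HTTP responses and lists every header that falls outside the preserve list from the iRule above, comparing names case-insensitively. The function names and both sample responses are constructed for illustration.

```python
# Added example: list response headers that fall outside the thread's preserve list.
# Sample responses below are constructed; they are not captures from a real BIG-IP.

PRESERVE = {name.lower() for name in """
    Accept-Range Cache-Control Content-Encoding Content-Length Content-Type
    Etag Last-Modified Pragma Set-Cookie Location Content-Disposition
    Transfer-Encoding Content-Security-Policy Strict-Transport-Security
    X-Content-Type-Options X-Frame-Options X-XSS-Protection
    X-Content-Security-Policy
""".split()}

def parse_response(raw: bytes):
    """Return (status_code, [(name, value), ...]) from a raw HTTP/1.x response."""
    head = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not "Name: value"
            headers.append((name.strip(), value.strip()))
    return status, headers

def leaked_headers(raw: bytes, preserve=PRESERVE):
    """Headers a scanner would still see; names compare case-insensitively."""
    status, headers = parse_response(raw)
    return status, [(n, v) for n, v in headers if n.lower() not in preserve]

# Constructed: redirect answered by the proxy itself on the HTTP virtual server.
REDIRECT = (b"HTTP/1.0 302 Found\r\nLocation: https://www.example.com/\r\n"
            b"Server: BigIP\r\nContent-Length: 0\r\n\r\n")
# Constructed: pool member response after the header-stripping rule has run.
CLEANED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nETag: \"abc\"\r\n"
           b"Content-Length: 5\r\n\r\nhello")

def audit(samples):
    """Map each sample name to its (status, leaked headers) result."""
    return {label: leaked_headers(raw) for label, raw in samples.items()}

if __name__ == "__main__":
    results = audit({"redirect": REDIRECT, "cleaned": CLEANED})
    for label, (status, leaked) in results.items():
        print(label, status, leaked or "no headers outside the preserve list")
```

Running it against responses captured from both the HTTP and HTTPS virtual servers shows whether the redirect path still carries a banner that the pool-member path does not.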
