For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kimihito's avatar
Kimihito
Icon for Employee rankEmployee
Jun 02, 2014

Linerate : HTTP response modification

Hello, I am trying to catch cliResp to replace its 'Server' header with proxyhost. And bind it to servResp to send it to a client. My script below does not work. I get fpm.on listener is triggered....
linerate
Kimihito's avatar
Kimihito
Icon for Employee rankEmployee
Jun 05, 2014

I have got it working.

"use strict";
var fpm = require('lrs/forwardProxyModule');
var os = require('os');
var proxyhost = os.hostname();
var processRequest = function(servReq, servResp, next){
    servReq.on('response', function processResponse(cliResp){
            cliResp.bindHeaders(servResp);
            servResp.setHeader("Server", proxyhost);
            cliResp.pipe(servResp);
            console.log('response modified');
    });
    next();
}
var createCallback = function(fp) {
    fp.on('request', processRequest);
};
fpm.on('exist', 'myForwardProxy', createCallback);

Curl from client. 'Server' is modified from 'Apache/2.2.22 (Debian)' to 'myLinerate'. It is placed in the end of response header. It actually looks removing and adding, instead of 'modifying'.

root@debian1:~ curl http://172.16.0.1 -v
* About to connect() to 172.16.0.1 port 80 (0)
*   Trying 172.16.0.1...
* connected
* Connected to 172.16.0.1 (172.16.0.1) port 80 (0)
> GET / HTTP/1.1
> User-Agent: curl/7.26.0
> Host: 172.16.0.1
> Accept: */*
> 
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Date: Mon, 02 Jun 2014 06:48:03 GMT
< Last-Modified: Tue, 27 May 2014 05:41:18 GMT
< ETag: "21a0a-c8-4fa5b251ef22b"
< Accept-Ranges: bytes
< Content-Length: 200
< Vary: Accept-Encoding
< Content-Type: text/html
< X-Pad: avoid browser bug
< Server: myLinerate
< 
It works! This is debian server 
This is the default web page for this server.
The web server software is running but no content has been added, yet.

* Connection 0 to host 172.16.0.1 left intact
* Closing connection 0
root@debian1:~

Without the script, it was...

< HTTP/1.1 200 OK
< Date: Mon, 02 Jun 2014 06:43:48 GMT
< Server: Apache/2.2.22 (Debian)
< Last-Modified: Tue, 27 May 2014 05:41:18 GMT
< ETag: "21a0a-c8-4fa5b251ef22b"
< Accept-Ranges: bytes
< Content-Length: 200
< Vary: Accept-Encoding
< Content-Type: text/html
< X-Pad: avoid browser bug
<