For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Glass_3854's avatar
John_Glass_3854
Historic F5 Account
Sep 13, 2006

Modification of http response header when using HTTP::redirect

Hello,

 

 

I think I'm trying to do something very basic - redirect all HTTP traffic for a given virtual address to the HTTPS virtual server. I found SOL3847 at Ask F5, which appeared to be exactly what I was looking for. (I'm running 9.2.2)

 

 

rule redirector {

 

This iRule redirects all HTTP traffic to

 

the SSL virtual. From tech.f5.com SOL3847.

 

when HTTP_REQUEST {

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

}

 

 

The issue is that using this rule alone results in an HTTP response header being sent back to the client indicating:

 

 

"Server: BIG-IP"

 

 

I would like to replace "BIG-IP" with "Company Name". Usually, I accomplish this via:

 

 

when HTTP_RESPONSE {

 

HTTP::header replace Server "Company Name"

 

}

 

 

However, it appears as though the HTTP_RESPONSE test is not being met when the redirect is issued directly from the BIG-IP.

 

 

Is there a way to replace the Server response header in iRules - or is that a potential stream profile candidate?

 

 

Finally, the redirect issued is a 302. Any idea why a 301 is not being sent for what is effectively a permanent situation?

 

 

Thanks,

 

InfoMonkey
application delivery
dev
devops
iRules

6 Replies

  • Joe_Pruitt's avatar
    Joe_Pruitt
    Sep 13, 2006
    I don't believe you can override the header values in the HTTP::redirect command. But, you can always use the HTTP::respond command to send back any respond code you wish. And, that command allows you to add headers.

     

     

    HTTP::respond [content ] [ ]+

     

     

    when HTTP_REQUEST {
  HTTP::respond 302 Location "http://www.domain.org" "Server" "Company Name"
}

     

     

    The downside to this is that it will return two Server headers, one with "Company Name" and another with the default "BIG-IP". Looks like that one is hard coded in there.

     

     

    The reason a "HTTP::header replace" won't work is that that is in the context of a request. The HTTP::redirect and respond generate new response messages with their own set of headers. I'm not sure if a stream profile will work on headers in BIG-IP generated responses, but it's worth a try.

     

     

    If you want to change the response code to a 301, go ahead and change it in the respond command.

     

     

    *Update* - should have checked to see that deb already responded...

     

     

    -Joe
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Sep 13, 2006
    With this request:

     

     

    HTTP::respond 302 "Location" "http://www.foo.com" "Server" "My Company"

     

     

    here are the response headers returned to my client.

     

     

    HTTP/1.0 302 Found

     

    Location: http://www.foo.com

     

    Server: My Company

     

    Server: BIG-IP

     

    Connection: close

     

    Content-Length: 0

     

     

    -Joe
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    Sep 13, 2006
    Thanks for that, I'll include in the casenotes.

     

    (Connection header response must be conditional to request...)

     

     

    /deb
  • John_Glass_3854's avatar
    John_Glass_3854
    Historic F5 Account
    Sep 14, 2006
    Deb and Joe - thanks for taking this on.

     

     

    Deb, yes, this is very important to my company. Please post the CR number and I will open a support case.

     

     

    For the record - I did go ahead and try a stream profile. It would not replace BIG-IP with "Company Name".

     

     

    I would very much like to manipulate all response headers (heck, why not all headers?) while using http::redirect.

     

     

    Thanks,

     

    InfoMonkey