For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gustavo_Lazarte's avatar
Gustavo_Lazarte
Icon for Nimbostratus rankNimbostratus
Jul 21, 2008

Modifying Header Location

We are having problems passing a security audit because IIS 5 shows the name of the servers when it does a redirection on the location part of the header. The problems is when we hit a redirect (302 O...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 23, 2008
The location value should be a fully qualified URL, including the protocol. If you add http:// or https:// to the Location value, does it work?

You can add logging to find out what's happening: 

 
 when HTTP_RESPONSE {  
    log local0. "[IP::client_addr]:[TCP::client_port]: response status: [HTTP::status]" 
    if { [HTTP::status] == 302 } {  
  
       log local0. "[IP::client_addr]:[TCP::client_port]: Location: [HTTP::header Location]" 
       switch [string tolower [HTTP::header Location]] {  
          "server01" -  
          "server02" -  
          "server03" {  
             HTTP::header replace Location "http://www.site.com" 
             log local0. "[IP::client_addr]:[TCP::client_port]: found a serverXX value, rewriting to http://www.site.com" 
          }  
       }  
    }  
  }

Aaron