Qualys Scan is Failing
Hi guys, I'm currently failing a Qualys scan on internal IP disclosure (see result below). In the past I've used a stream profile with an iRule to match and remove the IP, but it doesn't seem to work in this case (see stream profile and iRule below). In addition, I've seen a recommendation to use local traffic policies to do the same job.
Can you shed some light on the best way to deal with this problem? I'm new to local traffic policies.
===========
Scan Result
GET / HTTP/1.0
HTTP/1.1 302 Found
Cache-Control: private
Location: http://10.200.28.150:80/Account/logon?ReturnUrl=%2F
Date: Fri, 04 May 2018 13:31:32 GMT
Connection: close
Content-Length: 0
Strict-Transport-Security: max-age=86400; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';
X-Content-Security-Policy: frame-ancestors 'self';
Set-Cookie: TS017aa91f=01e8dccf5829c93ffabe93e1b8e2264aac43b60fc3a274763adeb2ae1ec8a4f61c0be2b0aa750b373cfea8d91246816366125a9edf; Path=/; Secure; HTTPOnly
============
Stream Profile
Target: @http:\/\/\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}:\d{1,5}@http://storedvalue.payzoneplc.com@
=============
iRule
when HTTP_REQUEST {
    log local0. "Hitting irule_disable_stream"
    # Disable the stream filter for all requests - we only want it for responses
    STREAM::disable
}

when STREAM_MATCHED {
    # Log the string which matched the stream profile
    log local0. "[IP::client_addr]:[TCP::client_port]: Scrubbed: [STREAM::match]"
}
Need some guidance.
Thanks in advance...
- Leonardo_Souza
LTM policy is basically a subset of iRules with a simplified GUI. If you know iRules, you should have no problems with LTM policy.
Try to use the HTTP profile itself. It has an option to do redirect rewrite.
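The reason the posted setup never fires is that a stream profile rewrites the response payload, not HTTP headers, and the internal address in the scan result is in the Location header of a 302 with a zero-length body. The following iRule is an added example, not code from the original post or from F5; it rewrites the Location header of any redirect whose host is a dotted-quad IP address to the public hostname. It assumes the public hostname storedvalue.payzoneplc.com (taken from the poster's stream target) and that clients reach the site over HTTPS (the response carries Strict-Transport-Security), so the rewritten Location uses https://. The hostname is hard-coded rather than copied from the request because the scanner sends an HTTP/1.0 request with no Host header.

```tcl
# Added example (not from the original post or from F5).
# Attach to the virtual server in place of the stream profile: a stream
# profile only rewrites the response body, and the internal IP here is in
# the Location header of a redirect with Content-Length: 0.

when RULE_INIT {
    # Assumed public hostname and scheme; adjust to the site being protected
    set static::public_host "storedvalue.payzoneplc.com"
    set static::public_scheme "https"
}

when HTTP_RESPONSE {
    # Only redirect responses carry a Location header worth rewriting
    if { ![HTTP::is_redirect] } { return }

    set loc [HTTP::header value Location]

    # Match http(s)://<dotted quad>[:port]<rest>, keeping path and query string.
    # Capture groups: the last octet-with-dot, the optional :port, and the remainder.
    if { [regexp -nocase {^https?://(\d{1,3}\.){3}\d{1,3}(:\d{1,5})?(.*)$} $loc -> octet port rest] } {
        set rewritten "${static::public_scheme}://${static::public_host}${rest}"
        HTTP::header replace Location $rewritten
        log local0. "Location rewritten from $loc to $rewritten"
    }
}
```

For the redirect in the scan result this turns `http://10.200.28.150:80/Account/logon?ReturnUrl=%2F` into `https://storedvalue.payzoneplc.com/Account/logon?ReturnUrl=%2F`. The HTTP profile's Rewrite Redirects setting that the reply refers to covers the common case without an iRule, but it substitutes the virtual server's own address, not a hostname, so check the result it produces against what the scanner flags. Before rescanning, confirm the fix from outside with `curl -sI https://storedvalue.payzoneplc.com/` and verify that the Location header no longer contains an IP address.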