Forum Discussion
Remove the "Server" header
Hi Guys,
I have below irule created into LTM and enabled for virtual servers. but I need to remove the "Server" header.
Device version: BIG-IP 14.1.2.6
when HTTP_RESPONSE {
# Remove all instances of the Server header
HTTP::header remove Server
# Remove all headers starting with x- or server
foreach header_name [HTTP::header names] {
if { $header_name starts_with "x-" or $header_name starts_with "X-"} {
if { [class match $header_name equals asm_remove_server_response_dg] } {
HTTP::header remove $header_name
}
}
}
}
Can you guys please help to create request header irule for VS ?
Hi Dario and Jaikumar,
Thank you for your responses and sharing all possible resolutions for this problem.
I have double checked this and found., there are two different LTMs (Internal and External),. One is WAF enabled and other is not.
- When users are accessing from external network the traffic comes to the public IP address of site which is NAT'ed with the external VIP address (External LTM) and that device is WAF enabled and also ASM irule associated.
- In other side, when accessing from internal private network, the traffic goes to split brain DNS where local host A record is configured for another virtual server which is completely different than (Point 1) virtual server and pool member addresses.
In short, The external traffic is coming to External LTM (WAF enabled) and internal private network traffic is going to Internal LTM (WAF not enabled).
Hence, the HTTP "Server" header is only appearing to the internal network users and not for external clients.
, The both solutions which you have provided are pretty good and for this scenario, the second solution is best one to apply.
Once again thank you for all your help.
Regards,
Rahul
Hello Rahul.
"Server" (or "X-Server") is a response header, not a request header.
REF - https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
Regards,
Dario.
- Rahul_MoreCirrus
Hi Dario,
Thanks for sharing the reference site to clear the request /response confusion.
Standard Response Field:
Server A name for the server Server: Apache/2.4.1 (Unix) Permanent
Could you please help in this either modification or new irule for Server header?
Regards,
Rahul
Hi Rahul,
more simple, use a Local Traffic Policy to Remove your HTTP Header like below :
Regards
- Rahul_MoreCirrus
Yes, that's true. I will follow the same to from now onwards. Thanks again :-)
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com