Forum Discussion
Remove the "Server" header
- Nov 09, 2020
Hi Dario and Jaikumar,
Thank you for your responses and sharing all possible resolutions for this problem.
I have double checked this and found there are two different LTMs (Internal and External). One is WAF enabled and the other is not.
- When users are accessing from the external network, the traffic comes to the public IP address of the site, which is NAT'ed with the external VIP address (External LTM), and that device is WAF enabled and also has an ASM iRule associated.
- On the other side, when accessing from the internal private network, the traffic goes to split-brain DNS, where a local host A record is configured for another virtual server which is completely different from the (Point 1) virtual server and pool member addresses.
In short, the external traffic is coming to the External LTM (WAF enabled) and internal private network traffic is going to the Internal LTM (WAF not enabled).
Hence, the HTTP "Server" header is only appearing to the internal network users and not for external clients.
Both solutions which you have provided are pretty good, and for this scenario the second solution is the best one to apply.
Once again thank you for all your help.
Regards,
Rahul
Hello Rahul.
"Server" (or "X-Server") is a response header, not a request header.
REF - https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
Regards,
Dario.
Hi Dario,
Thanks for sharing the reference site to clear the request/response confusion.
Standard Response Field:
Server | A name for the server | Server: Apache/2.4.1 (Unix) | Permanent
Could you please help with this, either a modification or a new iRule for the Server header?
Regards,
Rahul
- Lidev, Oct 28, 2020 (MVP)
Hi Rahul,
More simply, use a Local Traffic Policy to remove your HTTP header, like below:
Regards
- jaikumar_f5, Nov 08, 2020 (MVP)
Can you double confirm if all your traffic (both external & internal) is ultimately going to the same LTM and the same virtual? If it's going to the same virtual and there's an iRule where you are removing the header, I don't see how it's getting inserted again.
See how many flows are involved and capture packets in the flows to see who is inserting this header.
- jaikumar_f5, Nov 10, 2020 (MVP)
Glad you got it resolved. It's common that we skip looking at the fundamentals and troubleshoot at high levels; it has happened to me multiple times. So I always start my troubleshooting from DNS resolution.
Please mark the thread closed too.
- Oct 28, 2020
Hello Rahul.
The iRule you already have above should be enough.
```tcl
when HTTP_RESPONSE {
    # Strip server-identifying headers from the response before it reaches the client
    HTTP::header remove {X-Server}
    HTTP::header remove Server
}
```
Regards,
Dario.
- Rahul_More, Nov 06, 2020 (Cirrus)
Hello Dario,
I tried with the above changes but it is still showing "Server: Microsoft-IIS/10.0" in the response. The split-brain DNS is configured and the internal path is not WAF enabled. The response does not appear when accessing from the external network.
I am only having the issue while accessing the site from the internal network.
Path : Internal user > NAT'd ip via external LTM > web server
Kindly suggest if there is any other solution.
Regards,
Rahul
- Nov 08, 2020
Hello Rahul.
To fix this you have 2 chances:
- Force internal traffic to pass through a VS using this iRule.
- Disable "server" header directly in the backend server configuration.
Regards,
Dario.
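To confirm which path still returns the header after either fix, each virtual server can be tested from one machine by pinning the hostname to its address with `curl --resolve`, so the split-brain DNS answer is taken out of the picture. This is an added example, not part of the thread; the hostname, addresses and port 443 are placeholders, and the function names are hypothetical.

```bash
# Added example. Hostname and VIP addresses are placeholders, not from the thread.

# Read raw response headers on stdin and print any Server / X-Server lines.
# Exit status: 0 if at least one such header is present, 1 if none.
# The regex requires the colon directly after the name, so Server-Timing
# and similar headers are not reported.
disclosed_headers() {
    tr -d '\r' | grep -iE '^(x-)?server:'
}

# Request https://HOST/ but connect to VIP instead of the DNS answer.
# Returns 0 = header stripped, 1 = header disclosed, 2 = request failed.
check_vip() {
    local label=$1 host=$2 vip=$3 headers found
    if ! headers=$(curl -sS -o /dev/null -D - --max-time 10 \
            --resolve "${host}:443:${vip}" "https://${host}/"); then
        echo "${label} (${vip}): request failed"
        return 2
    fi
    if found=$(printf '%s\n' "$headers" | disclosed_headers); then
        echo "${label} (${vip}): DISCLOSED -> ${found}"
        return 1
    fi
    echo "${label} (${vip}): no Server/X-Server header"
}

# Constructed sample of what the internal path returned in the thread.
sample_internal_response() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: Microsoft-IIS/10.0\r\n\r\n'
}

# Offline demonstration on the constructed sample:
sample_internal_response | disclosed_headers

# Live usage (placeholder values, uncomment and adjust):
# check_vip external www.example.com 192.0.2.10
# check_vip internal www.example.com 198.51.100.10
```

Run it once from a host that can reach both virtual servers; a path that reports DISCLOSED is one where neither the iRule nor the backend change is in effect.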