Forum Discussion
drumik_61546
Nimbostratus
NimbostratusRemoving Headers from IIS
Weird issue. The script work some times, some times it doesn't.
Sometimes it's removing all the headers, sometimes it does what it suppose to do
Any ideas? I
m runing 9.4.6
when RULE_INIT {
Create a list of the response headers to preserve. This needs to be tailored to the application!
set ::headers_to_preserve [list \
Accept-Ranges\
Cache-Control\
Connection\
Content-Disposition\
Content-Encoding\
Content-Length\
Content-Type\
Date\
ETag\
Last-Modified\
Pragma\
Set-Cookie\
Location\
X-PvInfo\
Vary\
Transfer-Encoding\
Expires\
]
Log debug messages to /var/log/iisheader? 1=yes, 0=no.
set ::clocking_debug 1
}
when HTTP_RESPONSE {
Remove all headers but those in the preserve list
foreach aHeader [HTTP::header names] {
if {not ([matchclass $::headers_to_preserve equals $aHeader])}{
while {[HTTP::header exists $aHeader]}{
if {$::clocking_debug}{log local0. "Removing: $aHeader: [HTTP::header value $aHeader]"}
HTTP::header remove $aHeader
}
}
}
}
hoolioCirrostratus
That looks like it should work fine. Is there any pattern to the failures? Are no headers removed from some responses? Or is it just some headers that aren't removed from some responses? What do the logs show when a failure occurs?
It would probably be more efficient to just list the headers that the web server/application inserts that you don't want to send to the client.
Aaron
drumik_61546Seems to be that whenever we have more load (not a lot about 5 concurrent connections) irule stops working as it suppose to (it starts removing all headers except Date & ETag)
I created a new irule (copied from References)
when HTTP_RESPONSE {
loop through and remove all instances of the unwanted
headers from the server response
(Server, Date, X-Powered-By in this example)
foreach header {Server Date X-Powered-By} {
while { [HTTP::header exists $header] } {
log local0. "Removing- $header: [HTTP::header value $header]"
HTTP::header remove $header
}
}
}
Testing it now.
Seems to be a bug in code for me- Another option is to use the HTTP::sanitize command which allows you to specify which headers you DO want to pass through. The command will remove all other response headers.
-Joe - drumik_61546
Posted By Joe Pruitt on 10/14/2009 10:31 AM
Another option is to use the HTTP::sanitize command which allows you to specify which headers you DO want to pass through. The command will remove all other response headers.
-Joe
Joe,
It's not an option in my case
I can't have Proxy-Connection header
As per reference it's there by default
HTTP::header sanitize [header name]+
Removes all headers except the ones you specify and the following: Connection, Content-Encoding, Content-Length, Content-Type, Proxy-Connection, Set-Cookie, Set-Cookie2, and Transfer-Encoding. - hoolioI think the HTTP::header sanitize function would be a lot more useful if it didn't leave a default set of headers and an admin could fully configure the white list of headers to keep. It seems to be designed for response use and by default would break just about any app if used in requests.
Aaron - You could always use it in conjunction with a HTTP::header remove.
HTTP::sanitize "header1to" header2" if { [HTTP::header exists "Proxy-Connection" } { HTTP::header remove "Proxy-Connection" }
Just a thought...
-Joe - drumik_61546
Posted By Joe Pruitt on 10/14/2009 10:42 AM
You could always use it in conjunction with a HTTP::header remove.HTTP::sanitize "header1to" header2" if { [HTTP::header exists "Proxy-Connection" } { HTTP::header remove "Proxy-Connection" }
Just a thought...
-Joe
This might work
Thanks
I'll continue testing with the script that I created before.In case it fails that will be my next script to try
