Forum Discussion

Nimbostratus

Jan 11, 2012

Removing server header from http to https redirect

We have been asked to remove this by a client based on a pentest. I can find referernces to the noserver option in other posts but not the complete irule that incorrpates that w/ the redirected comma...

Historic F5 Account

Jan 11, 2012

To clarify, the iRule portion of Nitass post above is just:


when HTTP_REQUEST {
  HTTP::respond 302 noserver Location "https://[HTTP::host][HTTP::uri]"
}

And he's right on, as usual. The idea is that you are setting a very specific response rather than using the pre-formatted redirect. The other option would be to specifically remove the header in question somewhere later down the line, like HTTP_REQUEST_SEND or the like, which is probably more involved.

Colin

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Removing server header from http to https redirect

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Adding and removing resources from vCMP.

Irule for www removal on https

remove iRule from VIP

SNAT pool address removal

iRule assistance for subfolder redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS