For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ucirl_161922's avatar
ucirl_161922
Icon for Nimbostratus rankNimbostratus
Oct 10, 2014

Removing the server name from the response header of F5

Hi,

 

I'm trying to setup an irule which removes the HTTP header in the response for http to https redirects. At the moment we can see Server:BigIP within the response and would like it removed. I've appended the following HTTP_RESPONSE to the HTTP2HTTPS rule but it's still not working:

 

when HTTP_RESPONSE {

 

if {[HTTP::is_redirect]} {

 

if {[HTTP::header Server] contains "BigIP" } { HTTP::header replace Server "www.servername.com" } } }

 

At the moment this rule appears to be ignored. I've added a log to the rule and it's not being shown in the actual log so it seems to process the http request but not the http response. I've tried 2 seperate irules but it's not working either. The HTTP_REQUEST rule I'm using is

 

when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }

 

Any ideas? Is it possible conditions arent being met in the http_reponse which is why it is being ignored?

 

Thanks in advance.

 

application delivery
devops
iRules

6 Replies

  • ucirl_161922's avatar
    ucirl_161922
    Icon for Nimbostratus rankNimbostratus
    Oct 10, 2014

    Hi Kevin, Thanks for that. I've tried a few of the suggestions in the article but still cant get it to work. I tried the following HTTP_REQUEST: HTTP::respond 302 noserver Location "https://[HTTP::host][HTTP::uri]" and it works sometimes but every 3rd/4th test, it shows up the server name again. I also tried

     

    when HTTP_REQUEST { set my_loc "https://[HTTP::host][HTTP::uri]" TCP::respond "HTTP/1.1 302 Found\r\n Location: $my_loc\r\n Connection: Keep-Alive\r\n Content-Length: 0\r\n " TCP::close } and it didnt work at all. Any other suggestions would be much appreciated.

     

    Thanks in advance.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 10, 2014

    Curious why the first fails. Are all of these redirects coming from this one HTTP::respond?

     

  • R_Eastman_13667's avatar
    R_Eastman_13667
    Historic F5 Account
    Oct 14, 2014

    Try this:

     

    if {[HTTP::header value "Server"] contains "BigIP" } { HTTP::header replace Server "www.servername.com" } } }

     

  • Wand_97484's avatar
    Wand_97484
    Icon for Nimbostratus rankNimbostratus
    Oct 17, 2014

    try the "noserver" option of HTTP::respond and add the original Server via "Header Name" "Header Value".

     

    https://devcentral.f5.com/wiki/iRules.HTTP__respond.ashx

     

    Note: The noserver flag was added in 9.4.2. It suppresses the insertion of the 'Server: BigIP' header. The noserver flag must be included after the content (if any).

     

  • Juraj's avatar
    Juraj
    Icon for Cirrus rankCirrus
    Apr 26, 2017

    In the latest version (v12.1.2 at this moment), you can get rid of 

    Server: BigIP
    by either editing the default 
    http
    profile (not recommended), or creating a new one by inheriting the 
    http
    profile (preferred), and then replacing/deleting 
    Server Agent Name
    in the profile.

    from config:

    ltm profile http my_http_profile {
   app-service none
   defaults-from http
   proxy-type reverse
   server-agent-name none
}

    Server Agent Name: Specifies the string used as the server name in traffic generated by LTM. The default value is BigIP.