For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mohamed_Reda_14's avatar
Mohamed_Reda_14
Icon for Nimbostratus rankNimbostratus
Mar 27, 2014

Removing the server name from the response header of F5

![Hi, I have and issue while response code 302 redirection is reaching F5 back from the actual server. If any client could see the header with a proxy application, he would be able to see the BigIP as the server name from the response header name, which will expose the identity of F5. is there any work-around solution for this issue?

 

application delivery
ASM Advanced WAF
devops
iRules
LTM
management
security

8 Replies

  • uni's avatar
    uni
    Icon for Altocumulus rankAltocumulus
    Mar 27, 2014

    Use this instead of the redirect

    HTTP::respond 302 noserver Location "https://[HTTP::host][HTTP::uri]"
  • Mohamed_Reda_14's avatar
    Mohamed_Reda_14
    Icon for Nimbostratus rankNimbostratus
    Mar 27, 2014

    But this is the default irule of http  https redirect which I'm using. How to customize it or where to insert the noserver parameter? or should I remove it totally and use the one you provided instead? and will that impact the https redirection behavior then?

     

    • Mohamed_Lrhazi's avatar
      Mohamed_Lrhazi
      Icon for Altocumulus rankAltocumulus
      Mar 27, 2014
      Copy the F5's built in redirect irule, you dont need the signature definition thing... then paste it into your own http2https irule, name it my-http-2-https-rule or whatever... customize it and apply it where needed, instead of the original F5's one.
    • Mohamed_Reda_14's avatar
      Mohamed_Reda_14
      Icon for Nimbostratus rankNimbostratus
      Mar 27, 2014
      So Mohamed, you mean that the definition signature is the reason for the Big IP Server name
  • Seth_Cooper's avatar
    Seth_Cooper
    Icon for Employee rankEmployee
    Mar 27, 2014

    Your 302 would be in the HTTP_RESPONSE not the HTTP_REQUEST. You will need something like this... I have not tested this so you might have to make some modifications to it.

    when HTTP_RESPONSE {  
  if {[HTTP::is_redirect]} {              
        if {[HTTP::header Server] contains "BigIP" } {
          HTTP::header replace Server "www.servername.com"
        }
   }      
}
  • Mohamed_Reda_14's avatar
    Mohamed_Reda_14
    Icon for Nimbostratus rankNimbostratus
    Mar 27, 2014

    our current situation is as follows, 1- the client requests the server name with http 2- the used irule is redirecting the request to be HTTPS instead of https 3- the back end server replies in https 4- f5 replaces the back-end server_name with "server==BigIP" The issue is, I want to remove "server==BigIP" without affecting the redirection behavior. Is that applicable?

     

    • SynACk_128568's avatar
      SynACk_128568
      Icon for Cirrostratus rankCirrostratus
      Apr 03, 2014
      Found this https://devcentral.f5.com/s/feed/0D51T00006i7RwOSAU May be this will help
  • Juraj's avatar
    Juraj
    Icon for Cirrus rankCirrus
    Apr 26, 2017

    In the latest version (v12.1.2 at this moment), you can get rid of 

    Server: BigIP
    by either editing the default 
    http
    profile (not recommended), or creating a new one by inheriting the 
    http
    profile (preferred), and then replacing/deleting 
    Server Agent Name
    in the profile.

    from config:

    ltm profile http my_http_profile {
   app-service none
   defaults-from http
   proxy-type reverse
   server-agent-name none
}

    Server Agent Name: Specifies the string used as the server name in traffic generated by LTM. The default value is BigIP.