Forum Discussion

zeropixel_23561's avatar
zeropixel_23561
Icon for Nimbostratus rankNimbostratus
Dec 21, 2015

troubleshooting techniques on ASM security policies (PLEASE ADVISE)

I configured the virtual server and pool for the application to go through F5 LTM. I tweaked the protocol profile and http profile, and I am able to browse the application and working fine.   How...
ASM Advanced WAF
LTM
security
zeropixel_23561's avatar
zeropixel_23561
Icon for Nimbostratus rankNimbostratus
Dec 22, 2015

I wonder if there are any header and limitations on ASM side? I saw whole bunch of http and protocol profiles on LTM side.

 

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Dec 22, 2015
    Perhaps httpfox or fiddler will help see what headers are in use with and without ASM enabled. By default ASM removes the Server header back to the client, for information disclosure reasons. It can be added back and there is an askf5 solution on it
  • zeropixel_23561's avatar
    zeropixel_23561
    Icon for Nimbostratus rankNimbostratus
    Dec 22, 2015
    It is new to me that ASM remove the server header. How can I disable this setting? I think that can be the reason.