Forum Discussion
Unable to Remove HTTP server signature - Bigip info still displayed
Hi all,
I created an iRule to remove some header information (see below). Unfortunately, with this iRule, when I run an SSL Labs check, the HTTP server signature : BigIP is still displayed.
How can I get this information to no longer be displayed?
IRULE:
# The purpose of this iRule is to remove unnecessary HTTP headers that can give too much information to attackers
when HTTP_RESPONSE {
    HTTP::version "1.1"
    HTTP::header remove Server
    HTTP::header remove X-Powered-By
    HTTP::header remove X-AspNet-Version
}
# 20032015 - equivalent to using HTTP::redirect, but with the Server BigIP header suppressed.
# In this example we're redirecting our http:// request to the https:// version
when HTTP_REQUEST {
    if { [HTTP::uri] contains "/blabla/" } then {
        HTTP::respond 302 noserver Location "https://[HTTP::host][HTTP::uri]"
    }
}
19 Replies
- nitass_89166
Noctilucent
I create an irule to remove some headers information (see below) unfortunately with this irule, when I am running a sslabs check, the HTTP server signature : BigIP is still displayed.
Do you have a trace or something like that which shows the BigIP header?
- LaurentG_53647
Nimbostratus
To check if it is displayed I use the Firefox plugin - Live HTTP Header. (see With the above irule, I do not see HTTP header information
see trace:
http://ocsp.toto.com
POST / HTTP/1.1
Host: ocsp.toto.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 70
Content-Type: application/ocsp-request
Connection: keep-alive
0D0B0@0>0<0+
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1386
Date: Fri, 24 Apr 2015 13:38:27 GMT
Connection: Keep-Alive
Age: 0
----------------------------------------------------------
https://tst.test.com
GET /blabla/ HTTP/1.1
Host: tst.test.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Fri, 24 Apr 2015 13:38:27 GMT
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58494
Set-Cookie: ASP.NET_SessionId=iVFTgqZQsxY6iSRhmLZZTQ1QR5sd9Kf4TmPh1JhJkFmqPS1Vx0q+8fIUvTWeWhtzmGwckE7ivmFIGcim1/EAAAAB;secure;
Set-Cookie: TS01a40902=016657269f95f1d5f0e22028de27e17da0fc1d0b73c437d9b8205b8e5a2839fdeeac552df0c0edd399b312407b5a6104d727f9f3e4; Path=/
----------------------------------------------------------
BUT I still can see it when I execute the Qualys SSL server check - https://www.ssllabs.com/ssltest/
The result of the check is displaying HTTP server signature : BigIP
I wonder where this information can be found.
Regards
- Brad_Parker
Cirrus
Try editing your HTTP profile and blank out the "Server Agent Name" field.
- LaurentG_53647
Nimbostratus
Hi Brad I checked the parameters but I did not find this field in my http profile. just to be sure, it is located here Local Traffic ›› Profiles : Services : HTTP , right?
- Brad_Parker
Cirrus
Yes, what BigIP version are you running? I think it may have been introduced as a configurable option in 11.5.
- Brad_Parker
Cirrus
Also, do you have any other iRules attached to your HTTPS VS that could be responding to requests on the root of the site?
- LaurentG_53647
Nimbostratus
Thanks, I had another iRule disclosing the information.
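A way to find which request path still discloses the signature, as an added example that is not part of the original posts: the browser trace above only covers responses for the paths the browser visited, while a response BIG-IP generates itself on another path (such as a redirect from a second iRule without `noserver`) can still carry `Server: BigIP`. The function names and the sample responses are constructed for illustration; `fetch_head` assumes a host you administer.

```python
# Added example (not from the thread). Sample responses are constructed.
import http.client

# Headers the iRule on this page removes; each one fingerprints the stack.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")

def parse_head(raw: str):
    """Split a raw response head into (status, {lowercased-name: [values]})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit(responses: dict):
    """Return {path: [(status, header, value), ...]} for paths that leak."""
    findings = {}
    for path, raw in responses.items():
        status, headers = parse_head(raw)
        leaks = [(status, h, v) for h in DISCLOSING for v in headers.get(h, [])]
        if leaks:
            findings[path] = leaks
    return findings

def fetch_head(host: str, path: str) -> str:
    """Fetch one response over TLS, without following redirects, as head text."""
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("GET", path)
    resp = conn.getresponse()
    head = f"HTTP/1.1 {resp.status} {resp.reason}\n"
    head += "".join(f"{k}: {v}\n" for k, v in resp.getheaders())
    conn.close()
    return head

# Constructed samples: a proxied 200 cleaned by HTTP_RESPONSE, the page's
# noserver redirect, and a redirect on "/" generated by a second iRule.
SAMPLES = {
    "/blabla/page": "HTTP/1.1 200 OK\nContent-Type: text/html\nContent-Length: 10\n",
    "/blabla/": "HTTP/1.1 302 Found\nLocation: https://tst.test.com/blabla/\nContent-Length: 0\n",
    "/": "HTTP/1.1 302 Found\nLocation: https://tst.test.com/home\nServer: BigIP\nContent-Length: 0\n",
}

if __name__ == "__main__":
    for path, leaks in audit(SAMPLES).items():
        print(path, leaks)
```

Against a live virtual server, build the input with `{p: fetch_head(host, p) for p in paths}` and include `/` in `paths`, since that is the path discussed in the replies above.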
