Forum Discussion

Nimbostratus

Mar 03, 2020

Web Server HTTP Header Internal IP Disclosure

One of my virtual servers returns the vulnerability Web Server HTTP Header Internal IP Disclosure during a Nessus scan. Security is asking me to fix this but I am not sure how. I tried creating a tra...

Cirrus

Mar 03, 2020

if the problem is the Location header that expose an IP address you can try with a simple irule that will rewrite the Location, for example:

when HTTP_RESPONSE {

if { [HTTP::header is_redirect]} {

HTTP::header replace Location [string map -nocase {1.1.1.1 www.something.com} [HTTP::header value Location]]

}

But you can implement something similar using an LTM policy.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Web Server HTTP Header Internal IP Disclosure

Recent Discussions

Management IP F5 cant be accessed

ASD

Big-IP VE edition for MacBook M4 Chip

301 redirect and waf policy log problem

Background Tasks

Related Content

Create a virtual server on internal vlan

Access internal DMZ virtual server in SSL VPN

Security Shortage? Look Internal.

Threat :Microsoft IIS is exposed to an Internal IP Disclosure Vulnerability

SSL Heartbleed server side iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS