Forum Discussion

Nimbostratus

Mar 03, 2020

Web Server HTTP Header Internal IP Disclosure

One of my virtual servers returns the vulnerability Web Server HTTP Header Internal IP Disclosure during a Nessus scan. Security is asking me to fix this but I am not sure how. I tried creating a tra...

Nimbostratus

Mar 04, 2020

Thanks for the reply. I did create the irule but Nessus is still detecting the same vulnerability. This is frustrating to say the least.

Here is my irule:

when HTTP_RESPONSE {

if { [HTTP::header is_redirect]} {

HTTP::header replace Location [string map -nocase {1.1.1.1 securitycode.summithealth.org} [HTTP::header value Location]]

}

I then tried something similar using a policy:

http header named Content-Location contains any of x.x.x.x at response time.

Replace http header named Content-Location with value securitycode.summithealth.org at response time.

Still not resolved.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Web Server HTTP Header Internal IP Disclosure

Recent Discussions

Management IP F5 cant be accessed

ASD

Big-IP VE edition for MacBook M4 Chip

301 redirect and waf policy log problem

Background Tasks

Related Content

Create a virtual server on internal vlan

Access internal DMZ virtual server in SSL VPN

Security Shortage? Look Internal.

Threat :Microsoft IIS is exposed to an Internal IP Disclosure Vulnerability

SSL Heartbleed server side iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS