Forum Discussion

Nimbostratus

Mar 03, 2020

Web Server HTTP Header Internal IP Disclosure

One of my virtual servers returns the vulnerability Web Server HTTP Header Internal IP Disclosure during a Nessus scan. Security is asking me to fix this but I am not sure how. I tried creating a tra...

Nimbostratus

Mar 05, 2020

I was able to work around this by implementing the below irule but then the application breaks. Anyone have any ideas on how to remediate the vulnerability but keep the web site working?

when HTTP_RESPONSE {

if { [HTTP::header is_redirect]} {

HTTP::header replace Location \

[string map -nocase "https://x.x.x.x/vipssp/ https://securitycode.summithealth.org/vipssp/" [HTTP::header value Location]]

}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Web Server HTTP Header Internal IP Disclosure

Recent Discussions

Management IP F5 cant be accessed

ASD

Big-IP VE edition for MacBook M4 Chip

301 redirect and waf policy log problem

Background Tasks

Related Content

Communication between DMZ & Internal devices

vip call another vip with internal ip

planning to use only internal IP address

F5 LTM SNAT: only 1 outgoing connection, multiple internal clients

Server cert expired

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS