Remove X- Headers From Web Server Response
Problem this snippet solves:
Remove any X- header from web server HTTP responses
Here is a simple iRule which removes any response header from the pool which starts with X-. The goal is to prevent users of the application from learning details of the application architecture from these user-defined comment headers.
Code :
when HTTP_RESPONSE { # Remove all instances of the Server header HTTP::header remove Server # Remove all headers starting with x- foreach header_name [HTTP::header names] { if {[string match -nocase x-* $header_name]}{ HTTP::header remove $header_name } } }
Published Mar 18, 2015
Version 1.0