Forum Discussion

Koalan
Jan 16, 2020

Disable HTTP OPTIONS method and Disable TCP Timestamp responses

Hi,

So we ran a penetration test and we found 2 of our VIPs affected by these:

a. Disable HTTP OPTIONS method

b. Disable TCP Timestamp responses

Is there a way to remediate this? I tried looking on the internet but:

a. Disable HTTP OPTIONS method - I only see how to change it globally on the F5 (which will probably affect other VIPs). Is there another way?

b. Disable TCP Timestamp responses - I can't seem to find a proper way to address this. Is there a way?

Hoping for help. Thanks!

4 Replies

  • a. Like what iaine mentioned, you can use the known methods setting in the HTTP profile to reject/reset the connection. Alternatively, you can use an iRule to either reject or return an HTTP 501 response. For more information, refer to https://support.f5.com/csp/article/K34769490. Also, if you have the ASM module licensed and provisioned, the ASM security policy would block the OPTIONS method by default.

    b. There is a potential performance tradeoff when TCP Timestamp is disabled in either the TCP profile (Timestamps Extension for High Performance (RFC 1323) setting) or the FastL4 profile (TCP Timestamp Mode setting). You may want to consider randomising the TCP Timestamp instead by enabling the db key tm.tcpsendrandomtimestamp. For more details, you may want to take a look at https://support.f5.com/csp/article/K8072.

    • Hamza

      Hello FF,

      Please could you tell me the correct choice to disable TCP timestamp in the FastL4 profile, because we have three choices:

      Thanks

  • Hi

    You can disable HTTP OPTIONS in the HTTP profile in the known methods section. If you want to disable it only for a single VIP, then create a new HTTP profile, make the required change and then associate it with your VIP.

    For TCP timestamps, again, if you want to disable them, this is in the TCP profile in the Congestion Control section. Create a new TCP profile, make your change and then associate it with your VIP.
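
Added example (not part of the thread above and not F5 code): to confirm what a VIP actually sends after the TCP or FastL4 profile change, this parser walks the options of a SYN-ACK TCP header and reports whether the Timestamps option (kind 8) is present. The function names and the sample headers are constructed for illustration.

```python
import struct

TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_TIMESTAMP = 0, 1, 8

def parse_tcp_options(segment: bytes):
    """Return (kind, data) pairs from the options area of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4  # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    opts, i = [], 20
    while i < header_len:
        kind = segment[i]
        if kind == TCP_OPT_EOL:  # end of option list, rest is padding
            break
        if kind == TCP_OPT_NOP:  # single-byte alignment filler
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option length byte missing")
        length = segment[i + 1]  # length covers the kind and length bytes too
        if length < 2 or i + length > header_len:
            raise ValueError("malformed option length")
        opts.append((kind, segment[i + 2:i + length]))
        i += length
    return opts

def timestamp_option(segment: bytes):
    """Return (TSval, TSecr) if a Timestamps option (kind 8) is present, else None."""
    for kind, data in parse_tcp_options(segment):
        if kind == TCP_OPT_TIMESTAMP and len(data) == 8:
            return struct.unpack("!II", data)
    return None

def build_synack(options: bytes) -> bytes:
    """Constructed sample: SYN-ACK header from port 443 carrying `options`."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", 443, 50000, 1000, 2001,
                       (data_offset << 12) | 0x012, 65535, 0, 0) + options

# Constructed samples (not captured from a real device)
MSS, SACK_OK, WSCALE = b"\x02\x04\x05\xb4", b"\x04\x02", b"\x01\x03\x03\x07"
WITH_TS = build_synack(MSS + SACK_OK + b"\x08\x0a" + struct.pack("!II", 123456789, 42) + WSCALE)
WITHOUT_TS = build_synack(MSS + SACK_OK + WSCALE)

if __name__ == "__main__":
    for name, seg in (("timestamps on", WITH_TS), ("timestamps off", WITHOUT_TS)):
        print(name, "->", timestamp_option(seg))
```

The input is the TCP header bytes of the VIP's SYN-ACK taken from a packet capture, with the link-layer and IP headers already removed.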