Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

F5 configuration utility response server name as apache

ragunath154
Cirrus
Cirrus

hi

my security team sent a scan report that F5 configuration utility(management ip) response shows the server information as APACHE

 

how to get resolve this ..

1 REPLY 1

Lidev
MVP
MVP

Hi,

 

F5 WebUI access (configuration utility) is managed by the httpd daemon.

in httpd.conf (/config/httpd/conf/httpd.conf) the parameters ServerSignature (Off) and ServerTokens (Prod) only hide apache version, and does not support apache header removal.

You cannot delete HTTP Header without install mod_security and add SecServerSignature instruction in httpd.conf

it's not recommended to perform such an operation on F5-BIP, a better solution would be to strengthen the security of the httpd daemon to make it more secure (disable HTTP Option method and changed the SSL protocols allowed by Configuration utility)

 

REF:

 

Regards