Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

F5 configuration utility response server name as apache

ragunath154
Cirrostratus
Cirrostratus

‎02-Oct-2020 01:34

hi

my security team sent a scan report that F5 configuration utility(management ip) response shows the server information as APACHE

 

how to get resolve this ..

Labels:
0 Kudos
1 REPLY 1

Lidev
MVP
MVP

‎02-Oct-2020 06:39

Hi,

 

F5 WebUI access (configuration utility) is managed by the httpd daemon.

in httpd.conf (/config/httpd/conf/httpd.conf) the parameters ServerSignature (Off) and ServerTokens (Prod) only hide apache version, and does not support apache header removal.

You cannot delete HTTP Header without install mod_security and add SecServerSignature instruction in httpd.conf

it's not recommended to perform such an operation on F5-BIP, a better solution would be to strengthen the security of the httpd daemon to make it more secure (disable HTTP Option method and changed the SSL protocols allowed by Configuration utility)

 

REF:

 

Regards

 

0 Kudos
Copyright © 2023 Khoros, LLC