Forum Discussion

ragunath154's avatar
ragunath154
Icon for Cirrostratus rankCirrostratus
Oct 02, 2020

F5 configuration utility response server name as apache

hi

my security team sent a scan report that F5 configuration utility(management ip) response shows the server information as APACHE

 

how to get resolve this ..

1 Reply

  • Hi,

     

    F5 WebUI access (configuration utility) is managed by the httpd daemon.

    in httpd.conf (/config/httpd/conf/httpd.conf) the parameters ServerSignature (Off) and ServerTokens (Prod) only hide apache version, and does not support apache header removal.

    You cannot delete HTTP Header without install mod_security and add SecServerSignature instruction in httpd.conf

    it's not recommended to perform such an operation on F5-BIP, a better solution would be to strengthen the security of the httpd daemon to make it more secure (disable HTTP Option method and changed the SSL protocols allowed by Configuration utility)

     

    REF:

     

    Regards