Web Server HTTP Header Internal IP Disclosure
One of my virtual servers returns the vulnerability Web Server HTTP Header Internal IP Disclosure during a Nessus scan. Security is asking me to fix this but I am not sure how. I tried creating a traffic policy that looks for the user agent browser version but it did not work. Can I remediate this using a traffic policy or an irule? Results from the Nessus scan (I replaced internal ip with x): Nessus was able to exploit the issue using the following request : GET / HTTP/1.0 Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1 Accept-Language: en Connection: Close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Pragma: no-cache Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* This produced the following truncated output (limited to 10 lines) : ------------------------------ snip ------------------------------ Location: https://x.x.x.x Content-Length: 0 Set-Cookie: BIGipServersecuritycode_pool=!eqWzOV3gZ9FYUseX0oXX4p1/qldnSqlypGSckjlKQ4SixTXmSwQJ5JGJA+YkLWE6hOe7moh3oHoh8P8=; path=/; Httponly; Secure X-FRAME-OPTIONS: SAMEORIGIN ------------------------------ snip ------------------------------