Forum Discussion

Nimbostratus

Jun 22, 2011

Best way to clean up HTTP headers, sanitize or Response Headers Allowed?

I want to remove a bunch of the IIS headers that don't need to be shared, what is the better way to do it? Use the sanitize function in an Irule? Or in the HTTP profile use the...

app sec

BIG-IP Access Policy Manager (APM)

security

hooleylist

Cirrostratus

Jun 23, 2011

Hi Nick,

In general if you can use default configuration options it will be more efficient than an iRule. I'd try the HTTP profile option for Response Headers Allowed to do this. It's a bit more clear of a solution as well as the HTTP::header sanitize function allows some headers but not all essential ones. With the HTTP profile, you'll see exactly which ones are allowed as they all need to be enumerated.

Aaron

Forum Discussion

Best way to clean up HTTP headers, sanitize or Response Headers Allowed?

Recent Discussions

Citrix XenServer Big-IP Upgrade help

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

help irules for compatibilty

Related Content

Introduction of Incident Response

Remove X- Headers From Web Server Response

Inserting a http header on the response to the client

custom response page for api

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing