Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Removing the server name from the response header of F5

![Hi, I have and issue while response code 302 redirection is reaching F5 back from the actual server. If any client could see the header with a proxy application, he would be able to see the BigIP as the server name from the response header name, which will expose the identity of F5. is there any work-around solution for this issue?Image Text

1
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Your 302 would be in the HTTP_RESPONSE not the HTTP_REQUEST. You will need something like this... I have not tested this so you might have to make some modifications to it.

when HTTP_RESPONSE {  
  if {[HTTP::is_redirect]} {              
        if {[HTTP::header Server] contains "BigIP" } {
          HTTP::header replace Server "www.servername.com"
        }
   }      
} 
2
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Use this instead of the redirect

HTTP::respond 302 noserver Location "https://[HTTP::host][HTTP::uri]"
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

But this is the default irule of http  https redirect which I'm using. How to customize it or where to insert the noserver parameter? or should I remove it totally and use the one you provided instead? and will that impact the https redirection behavior then? Image Text

0
Comments on this Answer
Comment made 27-Mar-2014 by Mohamed Lrhazi 398
Copy the F5's built in redirect irule, you dont need the signature definition thing... then paste it into your own http2https irule, name it my-http-2-https-rule or whatever... customize it and apply it where needed, instead of the original F5's one.
0
Comment made 27-Mar-2014 by Mohamed_Reda 84
So Mohamed, you mean that the definition signature is the reason for the Big IP Server name
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

our current situation is as follows, 1- the client requests the server name with http 2- the used irule is redirecting the request to be HTTPS instead of https 3- the back end server replies in https 4- f5 replaces the back-end server_name with "server==BigIP" The issue is, I want to remove "server==BigIP" without affecting the redirection behavior. Is that applicable?

0
Comments on this Answer
Comment made 02-Apr-2014 by SynACk 608
Found this https://devcentral.f5.com/questions/how-to-remove-the-quotserver-bigip-quot-header-when-using-quothttpredirect-quot May be this will help
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

In the latest version (v12.1.2 at this moment), you can get rid of Server: BigIP by either editing the default http profile (not recommended), or creating a new one by inheriting the http profile (preferred), and then replacing/deleting Server Agent Name in the profile.

from config:

ltm profile http my_http_profile {
   app-service none
   defaults-from http
   proxy-type reverse
   server-agent-name none
}

Server Agent Name: Specifies the string used as the server name in traffic generated by LTM. The default value is BigIP.

0