Best way to clean up HTTP headers, sanitize or Response Headers Allowed?

Question

I want to remove a bunch of the IIS headers that don't need to be shared, what is the better way to do it?

Use the sanitize function in an Irule?

Or in the HTTP profile use the "Response Headers Allowed" field?

Is there any advantage or disadvantage to either one? They seem like they do the same thing.

hooleylist · Answer

Hi Nick, 
&nbsp;  
&nbsp; In general if you can use default configuration options it will be more efficient than an iRule.  I'd try the HTTP profile option for Response Headers Allowed to do this.  It's a bit more clear of a solution as well as the HTTP::header sanitize function allows some headers but not all essential ones.  With the HTTP profile, you'll see exactly which ones are allowed as they all need to be enumerated. 
&nbsp;  
&nbsp; Aaron

nick_t_68319 · Answer

Posted By hoolio on 06/22/2011 10:07 PM 
Perfect, that's what I was hoping for.  Plus it's much easier to apply the response headers allowed globally in my environment :)

Hi Nick, &nbsp;
&nbsp; In general if you can use default configuration options it will be more efficient than an iRule.  I'd try the HTTP profile option for Response Headers Allowed to do this.  It's a bit more clear of a solution as well as the HTTP::header sanitize function allows some headers but not all essential ones.  With the HTTP profile, you'll see exactly which ones are allowed as they all need to be enumerated. &nbsp;
&nbsp; Aaron
&nbsp;
&nbsp;

Forum Discussion

Best way to clean up HTTP headers, sanitize or Response Headers Allowed?

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Introduction of Incident Response

Remove X- Headers From Web Server Response

custom response page for api

Sanitize special characters in AD groups names

Security headers