drumik_61546
Oct 14, 2009

Removing Headers from IIS

Weird issue. The script works sometimes, sometimes it doesn't.

Sometimes it's removing all the headers, sometimes it does what it's supposed to do.

Any ideas? I'm running 9.4.6

when RULE_INIT {

    # Create a list of the response headers to preserve. This needs to be tailored to the application!
    set ::headers_to_preserve [list \
        Accept-Ranges \
        Cache-Control \
        Connection \
        Content-Disposition \
        Content-Encoding \
        Content-Length \
        Content-Type \
        Date \
        ETag \
        Last-Modified \
        Pragma \
        Set-Cookie \
        Location \
        X-PvInfo \
        Vary \
        Transfer-Encoding \
        Expires \
    ]

    # Log debug messages to /var/log/iisheader? 1=yes, 0=no.
    set ::clocking_debug 1
}

when HTTP_RESPONSE {

    # Remove all headers but those in the preserve list
    foreach aHeader [HTTP::header names] {
        if {not ([matchclass $::headers_to_preserve equals $aHeader])} {
            while {[HTTP::header exists $aHeader]} {
                if {$::clocking_debug} {log local0. "Removing: $aHeader: [HTTP::header value $aHeader]"}
                HTTP::header remove $aHeader
            }
        }
    }
}

 

7 Replies

  • That looks like it should work fine. Is there any pattern to the failures? Are no headers removed from some responses? Or is it just some headers that aren't removed from some responses? What do the logs show when a failure occurs?

    It would probably be more efficient to just list the headers that the web server/application inserts that you don't want to send to the client.

    Aaron
  • Seems to be that whenever we have more load (not a lot, about 5 concurrent connections) the iRule stops working as it's supposed to (it starts removing all headers except Date & ETag)

    I created a new iRule (copied from References)

    when HTTP_RESPONSE {
        # loop through and remove all instances of the unwanted
        # headers from the server response
        # (Server, Date, X-Powered-By in this example)
        foreach header {Server Date X-Powered-By} {
            while { [HTTP::header exists $header] } {
                log local0. "Removing- $header: [HTTP::header value $header]"
                HTTP::header remove $header
            }
        }
    }

    Testing it now.

    Seems to be a bug in code for me

  • Another option is to use the HTTP::sanitize command which allows you to specify which headers you DO want to pass through. The command will remove all other response headers.

    -Joe
  • Posted By Joe Pruitt on 10/14/2009 10:31 AM

    Another option is to use the HTTP::sanitize command which allows you to specify which headers you DO want to pass through. The command will remove all other response headers.

    -Joe

    Joe,

    It's not an option in my case

    I can't have Proxy-Connection header

    As per reference it's there by default

    HTTP::header sanitize [header name]+

    Removes all headers except the ones you specify and the following: Connection, Content-Encoding, Content-Length, Content-Type, Proxy-Connection, Set-Cookie, Set-Cookie2, and Transfer-Encoding.

  • I think the HTTP::header sanitize function would be a lot more useful if it didn't leave a default set of headers and an admin could fully configure the white list of headers to keep. It seems to be designed for response use and by default would break just about any app if used in requests.

    Aaron
  • You could always use it in conjunction with a HTTP::header remove.

     HTTP::header sanitize "header1" "header2"
     if { [HTTP::header exists "Proxy-Connection"] } {
       HTTP::header remove "Proxy-Connection"
     }

    Just a thought...

    -Joe
  • Posted By Joe Pruitt on 10/14/2009 10:42 AM

    You could always use it in conjunction with a HTTP::header remove.

     HTTP::header sanitize "header1" "header2"
     if { [HTTP::header exists "Proxy-Connection"] } {
       HTTP::header remove "Proxy-Connection"
     }

    Just a thought...

    -Joe

    This might work

    Thanks

    I'll continue testing with the script that I created before. In case it fails, that will be my next script to try
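
Added example (not part of the thread and not F5 code): a Python check for the failure mode discussed above. It compares the response head sent by the web server with the one received through the virtual server, using the preserve list from the first post, and reports headers that leaked through and preserve-listed headers that were stripped. The function names and the sample responses are constructed for illustration.

```python
# Preserve list copied from the iRule in the first post of this thread.
HEADERS_TO_PRESERVE = [
    "Accept-Ranges", "Cache-Control", "Connection", "Content-Disposition",
    "Content-Encoding", "Content-Length", "Content-Type", "Date", "ETag",
    "Last-Modified", "Pragma", "Set-Cookie", "Location", "X-PvInfo", "Vary",
    "Transfer-Encoding", "Expires",
]

def header_names(raw_head):
    """Return the lower-cased header names found in a raw HTTP response head."""
    names = []
    lines = raw_head.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:            # lines[0] is the status line
        if not line:                  # blank line ends the header block
            break
        if line[0] in " \t":          # folded continuation line, not a new header
            continue
        name, sep, _ = line.partition(":")
        if sep:
            names.append(name.strip().lower())
    return names

def audit(origin_head, client_head, preserve=HEADERS_TO_PRESERVE):
    """Compare the server's response head with the one the client received."""
    allowed = {h.lower() for h in preserve}   # header names are case-insensitive
    origin = set(header_names(origin_head))
    client = set(header_names(client_head))
    return {
        "leaked": sorted(client - allowed),                    # should have been removed
        "over_stripped": sorted((origin & allowed) - client),  # should have survived
    }

# Constructed sample responses (hypothetical, not captured from a real system).
ORIGIN = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\n"
          "Date: Wed, 14 Oct 2009 17:00:00 GMT\r\nETag: \"abc\"\r\n"
          "Content-Type: text/html\r\nContent-Length: 5\r\n"
          "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\nhello")
CLIENT_OK = ("HTTP/1.1 200 OK\r\nDate: Wed, 14 Oct 2009 17:00:00 GMT\r\n"
             "ETag: \"abc\"\r\nContent-Type: text/html\r\nContent-Length: 5\r\n"
             "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\nhello")
# The failure described in the thread: only Date and ETag survive.
CLIENT_BROKEN = ("HTTP/1.1 200 OK\r\nDate: Wed, 14 Oct 2009 17:00:00 GMT\r\n"
                 "ETag: \"abc\"\r\n\r\nhello")

if __name__ == "__main__":
    for label, head in (("ok", CLIENT_OK), ("broken", CLIENT_BROKEN)):
        print(label, audit(ORIGIN, head))
```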