Forum Discussion

LaurentG_53647
Apr 24, 2015

Unable to Remove HTTP server signature - Bigip info still displayed -

Hi all,

 

I created an iRule to remove some header information (see below). Unfortunately, with this iRule, when I run an SSL Labs check, the HTTP server signature: BigIP is still displayed.

How can I get this information to no longer be displayed?

 

IRULE:

    # The purpose of this irule is to remove unnecessary HTTP header that can give too much information to attackers
    when HTTP_RESPONSE {
        HTTP::version "1.1"
        HTTP::header remove Server
        HTTP::header remove X-Powered-By
        HTTP::header remove X-AspNet-Version
    }

    # 20032015 - equivalent to using HTTP::redirect, but with the Server BigIP header suppressed.
    # In this example we're redirecting our http:// request to the https:// version
    when HTTP_REQUEST {
        if { [HTTP::uri] contains "/blabla/" } then {
            HTTP::respond 302 noserver Location "https://[HTTP::host][HTTP::uri]"
        }
    }


19 Replies

  • I created an iRule to remove some header information (see below). Unfortunately, with this iRule, when I run an SSL Labs check, the HTTP server signature: BigIP is still displayed.

    Do you have a trace or something like that which shows the BigIP header?


    • LaurentG_53647
      To check if it is displayed, I use the Firefox plugin Live HTTP Header. With the above iRule, I do not see the HTTP header information; see trace:

      http://ocsp.toto.com

      POST / HTTP/1.1
      Host: ocsp.toto.com
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      Content-Length: 70
      Content-Type: application/ocsp-request
      Connection: keep-alive
      0D0B0@0>0<0+
      HTTP/1.1 200 OK
      Content-Type: application/ocsp-response
      Content-Length: 1386
      Date: Fri, 24 Apr 2015 13:38:27 GMT
      Connection: Keep-Alive
      Age: 0
      ----------------------------------------------------------
      https://tst.test.com

      GET /blabla/ HTTP/1.1
      Host: tst.test.com
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      Connection: keep-alive

      HTTP/1.1 200 OK
      Date: Fri, 24 Apr 2015 13:38:27 GMT
      Cache-Control: private
      Content-Type: text/html; charset=utf-8
      Content-Length: 58494
      Set-Cookie: ASP.NET_SessionId=iVFTgqZQsxY6iSRhmLZZTQ1QR5sd9Kf4TmPh1JhJkFmqPS1Vx0q+8fIUvTWeWhtzmGwckE7ivmFIGcim1/EAAAAB;secure;
      Set-Cookie: TS01a40902=016657269f95f1d5f0e22028de27e17da0fc1d0b73c437d9b8205b8e5a2839fdeeac552df0c0edd399b312407b5a6104d727f9f3e4; Path=/
      ----------------------------------------------------------

      But I can still see it when I execute the Qualys SSL server check - https://www.ssllabs.com/ssltest/ The result of the check is displaying HTTP server signature: BigIP. I wonder where this information can be found.

      Regards
  • Try editing your HTTP profile and blank out the "Server Agent Name" field.

     

    • LaurentG_53647
      Hi Brad, I checked the parameters but I did not find this field in my HTTP profile. Just to be sure, it is located here: Local Traffic ›› Profiles : Services : HTTP, right?
    • Brad_Parker
      Yes, what BigIP version are you running? I think it may have been introduced as a configurable option in 11.5.
    • Brad_Parker
      Also, do you have any other iRules attached to your HTTPS VS that could be responding to requests on the root of the site?
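
Added example, not part of the original thread: a small Python check that parses captured raw responses and lists any `Server`, `X-Powered-By` or `X-AspNet-Version` header per request, so responses for the root and for redirects can be compared with the `/blabla/` trace. The sample responses, labels and function names are constructed for illustration; the redirect sample assumes a response generated by the proxy itself, which an `HTTP_RESPONSE` iRule does not process.

```python
# Added example: audit captured HTTP responses for server-identifying headers.
# All sample responses below are constructed for illustration.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")

def parse_response(raw):
    """Split a raw HTTP response head into (status_code, [(name, value), ...])."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty response")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = []
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers.append((name.strip(), value.strip()))
    return int(parts[1]), headers

def disclosed(raw):
    """Return {lower-cased header name: value} for identifying headers."""
    _, headers = parse_response(raw)
    return {n.lower(): v for n, v in headers if n.lower() in DISCLOSING}

def audit(samples):
    """Map each labelled response to its identifying headers; {} means clean."""
    return {label: disclosed(raw) for label, raw in samples.items()}

SAMPLES = {
    # Pool-member response after the HTTP_RESPONSE iRule stripped the headers.
    "GET /blabla/ (from pool)": (
        "HTTP/1.1 200 OK\r\nDate: Fri, 24 Apr 2015 13:38:27 GMT\r\n"
        "Content-Type: text/html; charset=utf-8\r\n\r\n<html>"),
    # Redirect generated by the proxy itself (assumed; not from the thread).
    "GET / (generated redirect)": (
        "HTTP/1.0 302 Found\r\nLocation: https://tst.test.com/\r\n"
        "Server: BigIP\r\nConnection: Keep-Alive\r\nContent-Length: 0\r\n\r\n"),
    # Backend response on a virtual server without the iRule attached.
    "GET /other (no iRule)": (
        "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/8.5\r\n"
        "X-Powered-By: ASP.NET\r\nContent-Length: 0\r\n\r\n"),
}

if __name__ == "__main__":
    for label, found in audit(SAMPLES).items():
        print(label, "->", found or "clean")
```

Feeding it the raw responses captured for every path and status code the scanner may hit (root, redirects, error pages) shows which response still carries the signature.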