NimbostratusHTTP Header responce problem
Good Morning,
I have an issue with some of my response headers and an irule for replacing certain responses. The rule I have below is set agains a number of our sites but when running a header response scan some of the comments don't seem to be respected. For example the "Server" and "X-Powered-By" still come back with the actual server and IIS details. Am I missing something or have I go the argument wrong?
BTW I've new with F5's and still learning how to create these syntax so appologese if I ask what seem like dumb questions, thank in advance.
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
HTTP::cookie secure $mycookie enable
}
if { !([ HTTP::header exists "X-Frame-Options" ])} { HTTP::header insert "X-Frame-Options" "SAMEORIGIN" }
if { !([ HTTP::header exists "X-Powered-By" ])} { HTTP::header insert "X-Powered-By" "Server" }
if { !([ HTTP::header exists "Server" ])} { HTTP::header insert "Server" "A-Server" }
if { !([ HTTP::header exists "Cache-Control" ])} { HTTP::header insert "Cache-Control" "no-cache" }
if { !([ HTTP::header exists "X-XSS-Protection" ])} { HTTP::header insert "X-XSS-Protection" "1; mode=block" }
if { !([ HTTP::header exists "X-Content-Type-Options" ])} { HTTP::header insert "X-Content-Type-Options" "nosniff" }
if { !([ HTTP::header exists "Strict-Transport-Security" ])} { HTTP::header insert "Strict-Transport-Security" "max-age=15768000" }
}
Hi MattNears,
If server's response contains "Server" header or "X-Powered-By" header or other headers in the iRule, "Server" and "X-Powered-By" headers will come back with the actual server and IIS details. You should use "else" blocks and HTTP::header replace command.
if { !([HTTP::header exists "Server"]) } { HTTP::header insert "Server" "A-Server" } else { HTTP::header replace "Server" "A-Server" }
