Forum Discussion

al_kabeer_2905
Mar 25, 2013

IRule to remove server banner from header reply

Hi,

I have 2 web servers with a VIP, and I want to remove the server name (server banner) from the F5's response.

Thanks

6 Replies

  • If you know all of the headers that should be allowed, you can also configure this in the HTTP profile.
  • Hi Guys, I stumbled across this thread and wanted to ask if there was an easy way to remove the Server: BigIP from the response header. I am actually using an iRule, based on the Server Resource Cloaking wiki (https://devcentral.f5.com/wiki/iRules.ServerResourceCloaking.ashx), but BigIP still returns the Server header even though it is not listed in the preserve list.

    I also found this link about using the HTTP::Respond but I'm not sure how this would impact my application (https://devcentral.f5.com/wiki/iRules.http__respond.ashx)

    Here is my iRule:

    when RULE_INIT {
        # Create a list of the response headers to preserve. This needs to be tailored to the application!
        set static::headers_to_preserve [list \
            Accept-Ranges \
            Cache-Control \
            Content-Encoding \
            Content-Length \
            Content-Type \
            Etag \
            Last-Modified \
            Pragma \
            Set-Cookie \
            Location \
            Content-Disposition \
            Transfer-Encoding \
            Content-Security-Policy \
            Strict-Transport-Security \
            X-Content-Type-Options \
            X-Frame-Options \
            X-XSS-Protection \
            X-Content-Security-Policy \
        ]

        # Log debug messages to /var/log/ltm? 1=yes, 0=no.
        set static::clocking_debug 0
    }

    when HTTP_RESPONSE {
        # Remove all headers but those in the preserve list
        foreach aHeader [HTTP::header names] {
            if {not ([matchclass $static::headers_to_preserve equals $aHeader])} {
                if {$static::clocking_debug} {log local0. "Removing: $aHeader: [HTTP::header value $aHeader]"}
                HTTP::header remove $aHeader
            }
        }
    }

    Thanks in advance for your help!
  • I think the issue here is that the header you want to remove isn't a header generated by a real server, it's generated by the BIG-IP. Are you using the HTTP::respond command or something similar in another rule applied to the same VS?

     

  • Hi Steve, thanks for the reply. I am not using HTTP::respond in any other rules on the virtual server. I was wondering if I could add it to this rule? I am also thinking about just moving the allowed headers into an HTTP profile to eliminate this rule altogether. If I do that, could I use a simple HTTP::Respond rule to remove that BigIP header?

     

     

    What I have observed is that this header appears when you just hit the URL via HTTP, since we have an iRule that redirects to HTTPS, so I think stripping the BigIP header really only needs to happen on the HTTP virtual server. Would you agree with that? This all came about via Qualys vulnerability scans that we are doing...
  • Perhaps try switching the redirect with a HTTP::respond command;

    
    HTTP::respond 301 Location https://[HTTP::host][HTTP::uri]
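
Added example, not part of any post in this thread: a redirect rule for the HTTP virtual server that uses the `noserver` option of `HTTP::respond` to suppress the `Server: BigIP` header on the 301 that BIG-IP generates itself, plus a response rule for the HTTPS virtual server that strips banner headers from the web servers' replies. The split into two rules and the removal of `X-Powered-By` are assumptions about the deployment, and the rule names in the comments are hypothetical.

```tcl
# --- iRule 1 (hypothetical name: redirect_no_banner) ---
# Attach to the port-80 virtual server that only redirects to HTTPS.
when HTTP_REQUEST {
    # This reply is generated by BIG-IP, not by a pool member, so the
    # HTTP_RESPONSE event never fires for it and header-stripping logic
    # in HTTP_RESPONSE cannot touch it. "noserver" tells HTTP::respond
    # not to add the "Server: BigIP" header to the generated reply.
    # Note: the Location value reflects the client-supplied Host header,
    # as in the thread's one-liner; pin it to a fixed hostname if the
    # virtual server serves a single site.
    HTTP::respond 301 noserver Location "https://[HTTP::host][HTTP::uri]"
}

# --- iRule 2 (hypothetical name: strip_backend_banner) ---
# Attach to the HTTPS virtual server that fronts the web servers.
when HTTP_RESPONSE {
    # Replies from pool members do pass through HTTP_RESPONSE, so the
    # banner headers the web servers set can be removed here.
    # X-Powered-By is an assumption; drop the line if the servers
    # do not send it.
    HTTP::header remove Server
    HTTP::header remove X-Powered-By
}
```

After applying both rules, request the site once over plain HTTP and once over HTTPS and confirm that neither response carries a `Server` header.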