Forum Discussion

Robb_Lyall_1456
Nov 02, 2016

Hide internal server IP addresses from client.

Devs,

 

I have an interesting request that I need some help with.

 

I have a client that is wanting to rewrite the headers on an Apache server to change the URL/URI to hide all the inside IP addressing from the client.

 

The client currently connects to a routable IP address (no DNS involved yet) on an external firewall which NATs to the internal VIP IP address. When the connection on the F5 is made, the pool selection is made via the URI via the current iRule and all is well and good, except the Apache server presents the internal IP address of the pool member to the client as a response.

 

I am looking for any assistance to hide the internal pool member address and/or have the F5 reply with the original external IP address used for the initial request.

 

I do not have any access to the firewall to make changes to the NAT and we currently cannot allow the external IP address to be presented on the F5 VIP.

 

Thank you.

 

3 Replies

  • I guess this can be achieved with the use of DNS (external IP & internal IP) and an iRule with STREAM::expression.

     

  • You would have to identify where the pool member IP address is provided and replace it with a masking value like xxx.xxx.xxx.xxx using a stream profile. SOL8115

     

  • You can easily implement an iRule that will remove any unwanted HTTP response headers using the HTTP::header remove command. There are many examples on DevCentral. Here are links to a couple of them:

     

    Strip HTTP Server Header

     

    Remove X-Headers from Web Server Response

     

    In newer releases of BIG-IP, you can also use a Local Traffic Policy to remove unwanted headers, which would be more efficient than an iRule.
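
Added example (not part of the original thread and not F5-supplied code): a sketch of an iRule that combines the approaches in the replies above, replacing the pool member address with the host the client originally requested, both in redirect headers and in text response bodies. It assumes a stream profile is attached to the virtual server and that the client-facing side and the pool member use the same scheme; the variable names (client_host, member_ip, member_port, fixed) are hypothetical.

```tcl
when HTTP_REQUEST {
    # Remember the address the client actually used (the external IP here,
    # since no DNS name is in use yet).
    set client_host [HTTP::host]

    # The stream filter cannot rewrite compressed bodies, so ask Apache
    # for an uncompressed response.
    HTTP::header remove "Accept-Encoding"

    # Do not run the stream filter on the request side.
    STREAM::disable
}

when HTTP_RESPONSE {
    # Pool member that served this response; strip any route-domain suffix.
    set member_ip   [getfield [IP::server_addr] "%" 1]
    set member_port [TCP::server_port]

    # Redirect-style headers are where Apache most often exposes its own
    # address. Map "ip:port" first so the port does not survive the rewrite.
    foreach hdr {Location Content-Location} {
        if { [HTTP::header exists $hdr] } {
            set fixed [string map [list \
                "${member_ip}:${member_port}" $client_host \
                $member_ip $client_host] [HTTP::header value $hdr]]
            HTTP::header replace $hdr $fixed
        }
    }

    # Rewrite absolute links inside text bodies (HTML, CSS, plain text).
    # Binary content is left untouched.
    if { [HTTP::header value "Content-Type"] starts_with "text/" } {
        STREAM::expression "@${member_ip}:${member_port}@${client_host}@ @${member_ip}@${client_host}@"
        STREAM::enable
    }
}
```

After applying it, request a page that previously triggered the leak and check the response headers and body on the client side for the pool member address; any remaining occurrence points to a header or content type this sketch does not cover.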