Eduardo_SCR_151
Jan 09, 2017 Nimbostratus
Internal IP shown in http redirects
Hello. We have seen that with our configuration it is possible to gather the internal VIP address. This happens when the client sends a request with an empty Host header and the real server answers with a redirect. In this situation, the F5 (11.5.3) rewrites the Location header with the VIP address (which is not the public IP address). I would like to avoid that. In normal use, all browsers will use a correct value in the Host header, but it is possible to generate requests with an empty Host header. The HTTP profile is:
ltm profile http http_rewrite_matching {
    app-service none
    defaults-from http
    proxy-type reverse
    redirect-rewrite all
    server-agent-name none
}
ltm profile http http {
    accept-xff disabled
    app-service none
    basic-auth-realm none
    encrypt-cookies none
    enforcement {
        max-header-count 64
        max-header-size 32768
        max-requests 0
        pipeline allow
        truncated-redirects disabled
        unknown-method allow
    }
    fallback-host none
    fallback-status-codes none
    header-erase none
    header-insert none
    insert-xforwarded-for disabled
    lws-separator none
    lws-width 80
    oneconnect-transformations enabled
    proxy-type reverse
    redirect-rewrite none
    request-chunking preserve
    response-chunking selective
    response-headers-permitted none
    server-agent-name none
    sflow {
        poll-interval 0
        poll-interval-global yes
        sampling-rate 0
        sampling-rate-global yes
    }
    via-request preserve
    via-response preserve
    xff-alternative-names none
}
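
An added example, not part of the original post: a small offline check that flags the disclosure described above, a redirect whose Location header carries a non-public IP literal instead of the public name. It can serve as a regression test on captured responses after a configuration change. The function names, addresses and sample responses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response_head(raw):
    """Return (status_code, headers) from a raw HTTP response; header names lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def leaked_internal_host(raw):
    """Return the non-public IP literal exposed in a redirect's Location header, or None."""
    status, headers = parse_response_head(raw)
    location = headers.get("location")
    if status not in REDIRECT_CODES or not location:
        return None
    host = urlsplit(location).hostname  # None for relative redirects such as /login
    if host is None:
        return None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name, not an IP literal
    return str(addr) if addr.is_private else None

# Constructed sample responses (not captured from a real system).
SAMPLES = {
    "empty_host": "HTTP/1.1 302 Found\r\nLocation: https://10.20.30.40/login\r\n\r\n",
    "normal_host": "HTTP/1.1 302 Found\r\nLocation: https://www.example.com/login\r\n\r\n",
    "relative": "HTTP/1.1 301 Moved Permanently\r\nLocation: /login\r\n\r\n",
    "ipv6_ula": "HTTP/1.1 302 Found\r\nLocation: https://[fd00::10]:8443/\r\n\r\n",
    "not_redirect": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        leak = leaked_internal_host(raw)
        print(f"{label}: {'LEAK ' + leak if leak else 'ok'}")
```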