Hi Exploitation Reseau Almerys,
you need to check the HTTP-Path (or HTTP::uri) within the
HTTP_REQUEST
event and then
set
a
$variable
with the outcome of the check (e.g. Boolean
0|1
). The
$variable
can then be used to selectively remove HTTP-Response-Headers as needed.
when HTTP_REQUEST {
switch -glob -- [string tolower [HTTP::path]] {
"/somepath/file.txt" {
set remove_header 0
}
"/somepath/*" {
set remove_header 1
}
"/somepath/*.txt" {
set remove_header 0
}
"/somepath/*" {
set remove_header 1
}
"/someotherpath/*" {
set remove_header 1
}
"/someotherpath/file.txt" {
Note this wont work because the previous condition was already triggered.
set remove_header 0
}
default {
set remove_header 0
}
}
}
when HTTP_RESPONSE {
if { $remove_header == 1 } then {
HTTP::header remove "Server"
HTTP::header remove "X-Powered-By"
}
}
Cheers, Kai