Preserving or modifying HTTP response headers removed by the BIG-IP ASM system

Information

Certain HTTP headers allow an HTTP server to provide information about the software that the server uses to handle HTTP requests. These HTTP headers may contain product and version information, as well as comments identifying the server and any significant sub-products. While this information may be useful for some clients, it is considered unnecessary information leakage. As a result, the BIG-IP ASM system removes these HTTP headers from responses to increase application security.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Log in to the Configuration utility.
2. Navigate to Local Traffic > iRules > iRule List.
3. Click Create.
4. In the Name field, type a name for the iRule.
For example:

K14342-ASMVS
5. In the Definition field, copy and paste the iRule you want.
6. To save the iRule, click Finished.

See Also

https://support.f5.com/csp/article/K53108777#link_01

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|I, CCI|CCI-002385, Rule-ID|SV-74797r1_rule, STIG-ID|F5BI-LT-000221, Vuln-ID|V-60367

Plugin: F5

Control ID: 68347cb53e87351d075fc1f62e7cf2411bc11fa9afee0630f8a6c2b8e1c47361