Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
Oct 29, 2018

APM Returning "Big IP" in Server field, but need to hide that information.

I have one of my customers running through APM for some SAML authentication. One of their concerns is that when inspecting some headers the Server field is populated with "Big IP", while the customer would prefer another layer of security through obfuscation.

It appears that the "Server: Big IP" field is being populated after the 302 redirect from APM when /my.policy is served.

Is it possible to hide this field?

Due to it being in APM I believe I will need this statement:

when CLIENT_ACCEPTED {
     to get access to restricted URIs
    ACCESS::restrict_irule_events disable
}

However, in the irule, is there a way to tell the BigIP to return a different, or no, value in the Server field?

Is there a way to do it in the HTTP profile maybe?

Thanks.

  • gdoyle's avatar
    gdoyle
    Icon for Cirrostratus rankCirrostratus

    Resolved this issue by creating a custom HTTP profile and editing the "Server Agent Name" field to a unique value.