Details

Certain HTTP headers allow an HTTP server to provide information about the software that the server uses to handle HTTP requests. These HTTP headers may contain product and version information, as well as comments identifying the server and any significant sub-products. While this information may be useful for some clients, it is considered unnecessary information leakage. As a result, the BIG-IP ASM system removes these HTTP headers from responses to increase application security.

Solution

1. Log in to the Configuration utility.
2. Navigate to Local Traffic > iRules > iRule List.
3. Click Create.
4. In the Name field, type a name for the iRule.
For example:

K14342-ASMVS
5. In the Definition field, copy and paste the iRule you want.
6. To save the iRule, click Finished.

Supportive Information

The following resource is also helpful.

• https://support.f5.com/csp/article/K53108777#link_01

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system F5.

References

• 800-53|SC-5
• CAT|I
• CCI|CCI-002385
• Rule-ID|SV-74797r1_rule
• STIG-ID|F5BI-LT-000221
• Vuln-ID|V-60367

Source

• Tenable.com/audits