Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11
Fixed In:
11.6.0, 11.5.2, 11.4.1 HF4
Opened: Jan 16, 2014 Severity: 3-Major Related Article:
K15371
Setting up a Policy to replace HTTP header results in both the existing and new header values appearing instead of the expected behavior of replacing an existing header with a new one. The following example which attempts to replace the Server: header with a generic "AnonymousServer" demonstrates this. In this example, one would observe the response containing two Server: headers. ltm policy /Common/replace_server { controls { response-adaptation } requires { http } rules { replace_a_header { actions { 0 { http-header response replace name Server value AnonymousServer } } conditions { 0 { http-header response name Server starts-with values { Apache } } } ordinal 1 } } strategy /Common/first-match }
This can result in duplicate values for the specified HTTP headers.
This replacement header specified in the Policy is inserted under all conditions.
Can employ a custom iRule to achieve equivalent result. Below is an example of an iRule to replace the User-Agent header: when HTTP_REQUEST { set useragent [HTTP::header value User-Agent] if {$useragent contains "Mozilla"} { HTTP::header replace User-Agent "MMMMMMMMM" } }
The policy will properly replace specified HTTP headers.