F5 Big-Ip HTML Headers request

**Request for new fingerprint(s) for a product**  
F5 Big-IP is not present in the xml/html_headers.xml file

**Provide details about the product**  
F5 Big-Ip is a popular load balancer

**What protocol(s) can be used to retrieve identifiable information about the product?** 
Identifiable information is retrieved from HTTPS
When browsing to F5 Device https://f5-server there is an easily identifiable Server: Apache in the header which is detected already by Recog.
But this Header has a 302 redirect to /tmui/login.jsp
It is here where <TITLE>BIG-IP®<TITLE> identifies the product

**What information can be collected on each protocol?**  
HTTPS: <TITLE>BIG-IP®<TITLE>

**What request, command, and/or payload can be used to retrieve information on each protocol?**  
```
HTTP GET /tmui/login.jsp
```

**Example banner(s) with specific version info**  
$curl -vk https://f5-server/

> GET / HTTP/1.1

> Host: f5-server

> User-Agent: curl/8.13.0

> Accept: */*

> 

* Request completely sent off

< HTTP/1.1 302 Found

< Date: Wed, 14 Jan 2026 07:16:29 GMT

< Server: Apache

< X-Frame-Options: SAMEORIGIN

< Strict-Transport-Security: max-age=16070400; includeSubDomains

< Location: /tmui/login.jsp

< Content-Length: 199

< Content-Type: text/html; charset=iso-8859-1



$curl -vk[ https://f5-server/tmui/login.jsp](https://infrlb2.infra.csda.gov.au/tmui/login.jsp)

> GET /tmui/login.jsp HTTP/1.1

> Host: f5-server

> User-Agent: curl/8.13.0

> Accept: */*

> 

* Request completely sent off

< HTTP/1.1 200 OK

< Date: Wed, 14 Jan 2026 07:40:34 GMT

< Server: Apache

< X-Frame-Options: SAMEORIGIN

< Strict-Transport-Security: max-age=16070400; includeSubDomains

< F5-Login-Page: true

< Pragma: no-cache, no-cache

< Cache-Control: no-cache, must-revalidate, no-store

< Content-Type: text/html;charset=utf-8

< Vary: Accept-Encoding

< Set-Cookie: JSESSIONID=di0rB4voqxoz87YjbgQL3GA5jYXI0FfY; Path=/tmui; Secure; HttpOnly; SameSite=Strict

< X-Content-Type-Options: nosniff

< X-XSS-Protection: 1; mode=block

< Content-Security-Policy: default-src 'self'  'unsafe-inline' 'unsafe-eval' data: blob:; img-src 'self' data:  http://127.4.1.1/ http://127.4.2.1/

< Transfer-Encoding: chunked

< 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

       [ http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd](http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd)>

<html xmlns=http://www.w3.org/1999/xhtml>

<head>

    <title>BIG-IP&reg; - f5-server (192,168.0.2)</title>

**Fingerprint**
I have tested the attached XML using bin/recog_verify

[F5_http_title.xml](https://github.com/user-attachments/files/24607835/F5_http_title.xml)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

F5 Big-Ip HTML Headers request #658

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

F5 Big-Ip HTML Headers request #658

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions