Forum Discussion

2 Replies

  • nathe

    It depends on what you really mean by "server cloaking". In its simplest form this would be preventing response headers from exposing backend server information, i.e. the application in use and its version. Is this what you mean?

    If so, then ASM removes the Server response HTTP header by default, so this is one way to perform server cloaking. To check this is working, fire up your favourite HTTP inspection app (Fiddler, HttpWatch, HttpFox, developer tools, etc.) and check the response headers from a web app behind an ASM.

    Hope this helps,

    N


  • Hi Nathaneil,

    "Server cloaking" is a technique/configuration that strips unnecessary HTTP headers from your HTTP responses that may otherwise help an attacker to identify the underlying OS / web server version while mapping your network, and then to launch tailored attacks right after.

    Server cloaking is not supported by ASM and does require the use of iRules to remove those HTTP::headers in transit.

    You may read the following article to understand how it works. Make sure to also read the comments on this post, since they contain alternative approaches (e.g. via [HTTP::header sanitize] or the use of HTTP profile settings to cloak the responses as needed).

    https://devcentral.f5.com/articles/security-irules-101-engage-cloak

    Cheers, Kai
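The kind of iRule Kai refers to, as an added example that is not part of the thread, the linked article or F5's own documentation: it runs on every response coming back from the pool and drops headers that reveal the backend software. The header list and the neutral "web" value are assumptions for illustration; the commented-out `HTTP::header sanitize` line shows the allow-list alternative mentioned in the article's comments.

```tcl
# Added example (not from the thread): strip fingerprinting headers on the way
# out. Attach this iRule to the virtual server in front of the application.
when HTTP_RESPONSE {
    # Headers that commonly expose the web server, framework or OS.
    # This list is an assumption; check what your backends really emit.
    set leaky_headers [list "Server" "X-Powered-By" "X-AspNet-Version" \
                            "X-AspNetMvc-Version" "X-Generator"]

    foreach hdr $leaky_headers {
        # HTTP::header remove drops every occurrence of the named header
        # and is a no-op when the header is absent.
        HTTP::header remove $hdr
    }

    # Optional: send a neutral Server value instead of none at all, since a
    # missing Server header is itself a weak hint that a filtering proxy sits
    # in front. The value "web" is an arbitrary choice for this example.
    HTTP::header insert "Server" "web"

    # Allow-list alternative: keep only the named headers (plus the ones
    # BIG-IP needs to deliver the response) and discard everything else.
    # HTTP::header sanitize "Content-Type" "Cache-Control" "Set-Cookie"
}
```

Verify it the same way nathe describes: request a page through the virtual server from a client and inspect the response headers; none of the listed headers should survive, and any Server value seen should be the neutral one set by the iRule rather than the backend's.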