Forum Discussion

field_bad_service's avatar
Dec 06, 2023

How to block software information from BigIP APM

Hello everybody,

I am facing a challenge with the exposure of information in Censys when using a portal via BIgIP APM. I would like to know if it is possible to restrict access or block information publicly displayed by Censys.

Currently, when I use Censys, I notice that some information is being publicly exposed, and I would like to take steps to limit or prevent this exposure.

My question is: is there any specific setting, profile, policy etc in BIgIP APM that can be adjusted to prevent certain information from being publicly displayed?

4 Replies

  • if those fields comes from f5's http response header, you can try use irules or traffic policy to remove the headers

    • field_bad_service's avatar
      Icon for Altocumulus rankAltocumulus

      Thanks for your response.

      The problem is precisely this, I don't know exactly where this information is coming from, the question is along these lines, finding out where this is visible so that it can be blocked and not be something exploitable.

      • zamroni777's avatar
        Icon for Cumulonimbus rankCumulonimbus

        you can use Network tab in browser's Developer Tool to see the http details.

        tcpdump -s0 -f5 ssl ... can also give you the plain http layer data.

  • You'll have to figure out how that Censys system creates these guesses. The vendor may be able to provide this information, though security vendors often are secretive or rely on obsucurity: they may not want to divulge how their product works technically in an effort to thwart researchers. It may also be that this Censys product combines multiple sources of information at different layers of the OSI stack and has a complex set of rules to arrive at a guess. 

    You can read here about how this stuff works at L4 (IP/TCP):

    You can read here about how this stuff works at L5-L6 (TLS):

    You can read about one method to fingerprint a BIG-IP at L7: