Forum Discussion
field_bad_service
Altocumulus
AltocumulusHow to block software information from BigIP APM
Hello everybody,
I am facing a challenge with the exposure of information in Censys when using a portal via BIgIP APM. I would like to know if it is possible to restrict access or block information publicly displayed by Censys.
Currently, when I use Censys, I notice that some information is being publicly exposed, and I would like to take steps to limit or prevent this exposure.
My question is: is there any specific setting, profile, policy etc in BIgIP APM that can be adjusted to prevent certain information from being publicly displayed?
- zamroni777
Nacreous
if those fields comes from f5's http response header, you can try use irules or traffic policy to remove the headers
field_bad_serviceThanks for your response.
The problem is precisely this, I don't know exactly where this information is coming from, the question is along these lines, finding out where this is visible so that it can be blocked and not be something exploitable.- zamroni777
you can use Network tab in browser's Developer Tool to see the http details.
tcpdump -s0 -f5 ssl ... can also give you the plain http layer data.
- Lucas_Thompson
Employee
You'll have to figure out how that Censys system creates these guesses. The vendor may be able to provide this information, though security vendors often are secretive or rely on obsucurity: they may not want to divulge how their product works technically in an effort to thwart researchers. It may also be that this Censys product combines multiple sources of information at different layers of the OSI stack and has a complex set of rules to arrive at a guess.
You can read here about how this stuff works at L4 (IP/TCP):
https://my.f5.com/manage/s/article/K9491
You can read here about how this stuff works at L5-L6 (TLS):
You can read about one method to fingerprint a BIG-IP at L7:
https://my.f5.com/manage/s/article/K30552235
