For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Altostratus rank

Altostratus

Apr 10, 2023

Solved

How to block web site technologies information with ASM/Advance WAF

Hi,

How can we block what technologies are used on our website on ASM to protect web-sites like buildwith.com.

Thanks.

Daniel_Wolf
Apr 10, 2023
Hi pinkzeppelin,
it is difficult to block sites like builtwith or wappalyzer from profiling your web application.
builtwith offers a site for removing your site data: https://builtwith.com/removals
wappalyzer offers some guidance how to hide the technologies you are using from their scanner: https://www.wappalyzer.com/articles/how-to-hide-technologies-from-wappalyzer/
Also F5 offers some guidance and also some information on why it is difficult to hide your technology: K35304481: Is there any way to prevent ''Wappalyzer'' from detecting my server technology by F5 ASM?
These tools are often using your browser for profiling the technologies of a website. Webservers, frameworks and CMS can be easily identified by Headers, file extensions or cookies. You cannot identify these tools by their user-agent or source IPs. Best you can do is to hide and obfuscate your technology stack.
KR
Daniel

6 Replies

Samir
MVP
Apr 10, 2023
Question is not clear. what you wanted to block. Share more details for help
Daniel_Wolf
MVP
Apr 10, 2023
Hi pinkzeppelin,
it is difficult to block sites like builtwith or wappalyzer from profiling your web application.
builtwith offers a site for removing your site data: https://builtwith.com/removals
wappalyzer offers some guidance how to hide the technologies you are using from their scanner: https://www.wappalyzer.com/articles/how-to-hide-technologies-from-wappalyzer/
Also F5 offers some guidance and also some information on why it is difficult to hide your technology: K35304481: Is there any way to prevent ''Wappalyzer'' from detecting my server technology by F5 ASM?
These tools are often using your browser for profiling the technologies of a website. Webservers, frameworks and CMS can be easily identified by Headers, file extensions or cookies. You cannot identify these tools by their user-agent or source IPs. Best you can do is to hide and obfuscate your technology stack.
KR
Daniel
- pinkzeppelin
  Altostratus
  Apr 11, 2023
  Thank you Daniel_Wolf .
  Gajji Irule is the only solution I guess.
Gajji
Cirrostratus
Apr 11, 2023
Daniel_Wolf Irule can not help in this case?
Irule to inspect the HTTP headers of incoming requests and blocking any requests that contain information about specific technologies.
- Daniel_Wolf
  MVP
  Apr 11, 2023
  I would not know how iRules can help. Both, wappalyzer and builtwith, either come as a browser plugin or they offer an API.
  The browser plugin creates a profile of your web application and its technologies from the HTTP responses that your browser gets, it does not add extra requests or headers. You won't even notice that a visitor has it installed in his or her browser.
  - Gajji
    Cirrostratus
    Apr 12, 2023
    OK need to test then with few cases in hand

F5 Academy at AppWorld 2026

DevCentral News

Aswin MK - November 2025 Featured Member

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5