Forum Discussion

pinkzeppelin

Altostratus

Apr 10, 2023

How to block web site technologies information with ASM/Advance WAF

Hi,

How can we block what technologies are used on our website on ASM to protect web-sites like buildwith.com.

Thanks.

security

Daniel_Wolf
Apr 10, 2023
Hi pinkzeppelin,
it is difficult to block sites like builtwith or wappalyzer from profiling your web application.
builtwith offers a site for removing your site data: https://builtwith.com/removals
wappalyzer offers some guidance how to hide the technologies you are using from their scanner: https://www.wappalyzer.com/articles/how-to-hide-technologies-from-wappalyzer/
Also F5 offers some guidance and also some information on why it is difficult to hide your technology: K35304481: Is there any way to prevent ''Wappalyzer'' from detecting my server technology by F5 ASM?
These tools are often using your browser for profiling the technologies of a website. Webservers, frameworks and CMS can be easily identified by Headers, file extensions or cookies. You cannot identify these tools by their user-agent or source IPs. Best you can do is to hide and obfuscate your technology stack.
KR
Daniel

Daniel_Wolf
MVP
Apr 10, 2023
Hi pinkzeppelin,
it is difficult to block sites like builtwith or wappalyzer from profiling your web application.
builtwith offers a site for removing your site data: https://builtwith.com/removals
wappalyzer offers some guidance how to hide the technologies you are using from their scanner: https://www.wappalyzer.com/articles/how-to-hide-technologies-from-wappalyzer/
Also F5 offers some guidance and also some information on why it is difficult to hide your technology: K35304481: Is there any way to prevent ''Wappalyzer'' from detecting my server technology by F5 ASM?
These tools are often using your browser for profiling the technologies of a website. Webservers, frameworks and CMS can be easily identified by Headers, file extensions or cookies. You cannot identify these tools by their user-agent or source IPs. Best you can do is to hide and obfuscate your technology stack.
KR
Daniel
- pinkzeppelin
  Altostratus
  Apr 11, 2023
  Thank you Daniel_Wolf .
  Gajji Irule is the only solution I guess.
Samir
MVP
Apr 10, 2023
Question is not clear. what you wanted to block. Share more details for help
Gajji
Cirrostratus
Apr 11, 2023
Daniel_Wolf Irule can not help in this case?
Irule to inspect the HTTP headers of incoming requests and blocking any requests that contain information about specific technologies.
- Daniel_Wolf
  MVP
  Apr 11, 2023
  I would not know how iRules can help. Both, wappalyzer and builtwith, either come as a browser plugin or they offer an API.
  The browser plugin creates a profile of your web application and its technologies from the HTTP responses that your browser gets, it does not add extra requests or headers. You won't even notice that a visitor has it installed in his or her browser.
  - Gajji
    Cirrostratus
    Apr 12, 2023
    OK need to test then with few cases in hand