Forum Discussion

Nath

Cirrostratus

Jan 31, 2017

How to know if server cloaking is enabled in ASM

Hi Guys, anyone could help me on this. -nat

Cirrocumulus

Jan 31, 2017

nat

It depends on what you really mean by "server cloaking". In its simplest form this would be preventing response headers from exposing backend server information i.e. application in use and its version. Is this what you mean?

If so, then ASM removes the Server response HTTP header by default so this is one way to perform server cloaking. To check this is working fire up your favourite HTTP inspection app (fiddler, httpwatch, httpfox, developer tools etc.) and check the response headers from a web app behind an ASM.

Hope this helps,

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to know if server cloaking is enabled in ASM

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Server Resource Cloaking

Security Irules 101: Engage Cloak!

enable WebSocket profile.

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

F5 MCP(Model Context Protocol) Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS