Forum Discussion
Hi Nathaneil,
"Server Cloaking" is a technique/configuration that strips unnessesary HTTP-Headers from your HTTP-Responses, that may otherwise help an attacker to identify the underlying OS / webserver version during the mapping of your network and to become able to launch tailordered attacks right after.
Server cloaking is not supported by ASM and does require the use of iRules, to remove those HTTP::header in transit.
You may read the following article to understand how it works. Make sure to also read the comments of this post, since they are containing alternative approaches (e.g. via [HTTP::header sanitize] or the use of HTTP profiles settings to cloak the responses as needed.
https://devcentral.f5.com/articles/security-irules-101-engage-cloak
Cheers, Kai