For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Lokesh's avatar
Lokesh
Icon for Nimbostratus rankNimbostratus
Oct 14, 2019

Linux (Kali) found our application hosted behind F5

We want to stop display of banner name of F5 to any WAF detection tools , as during VAPT it was seen that wafw00f (A WAF detection Tool) is able to find out our WAF name through our application.  ...
ASM Advanced WAF
BIG-IP Access Policy Manager (APM)
security
ayhatu's avatar
ayhatu
Icon for Nimbostratus rankNimbostratus
Nov 22, 2019

Hi Everyone,

I had the same problem.can you help me ? When I tested on kali ;

"is behind BIG-IP Access Policy Manager (F5 Networks) WAF"

 

boneyard's avatar
boneyard
Icon for MVP rankMVP
Nov 22, 2019

as mentioned before, you are not going to "fix" this without a huge amount of work and a chance you will break Access Policy Manager.

 

and why do you want this? to remove this is a typical security through obscurity. just keep up with patches so you are fine.

  • ayhatu's avatar
    ayhatu
    Icon for Nimbostratus rankNimbostratus
    Nov 23, 2019

    "why do you want this" Isn't it clear why this is wanted to be removed? Because anyone who uses this code (wafw00f ) will know that I am using F5.

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Nov 30, 2019

    yes and what will that matter? if you keep your software updated there is no real worry.

     

    trying to hide the fact you are using F5 will give a false sense of security.