Stop Wappalyzer from detecting my back end server technologies
we know that F5 removes Server , X-powered-by headers to keep information about back end server from end users, but there is extension "Wappalyzer" on mozille firefox browser which indicates all back end server technologies.
i tried to inspect/check all security event logs and botnet logs but in vain, there is no request generated from this extension but can detect all my technologies server.
here is my question, is there any way to prevent "Wappalyzer" from detecting my server technology by F5 ASM.
The short answer is - not really..
Wappalyzer (at least as a browser plug-in) doesn't make any requests of it's own to your server, rather it looks at the responses your website sends to try and determine what technolgies you use, and it does a huge number of regex based checks against things like: filenames, HTTP headers, DOM content and likely more.
When run as a stand-alone client (which browses the website headlessly) I believe it sends a User-Agent string of Wappalyzer, which you could of course block, but as a browser extension it is just querying what the browser is already seeing.
The analysis engine is actually opensource so you could look for what Wappalyzer is detecting and then try to adjust your website so that it no longer triggers the detections: https://github.com/wappalyzer/wappalyzer/tree/master/src/technologies
IMHO there is very little value in spending a huge amount of time 'stealthing' the technologies you use beyond ensuring an attacker can't trivially detect major versions of things like your webserver, and you're much better off spending time and resources ensuring that libraries are kept up-to-date and that any known vulnerabilities are patched in a timely manner.