Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

ASM Policy to prevent backend server fingerprinting

Michael_Madewel
Nimbostratus
Nimbostratus

We recently moved a legacy Windows web server behind an ASM. The server can't be upgraded for various reasons. We are not yet ready to deploy a full security policy in blocking mode, but we would at least like to prevent Shodan  and other scanners from fingerprinting the backend server (e.g., determining OS version). How can we accomplish this? 
Thanks.

2 REPLIES 2

ragunath154
Cirrostratus
Cirrostratus

apart from WAF policy i would recomend to attach the BOT profile, which includes scanners database to block.

ip intelligence too have database of scanner ip's which you can block..

Also the F5 ASM by default is removing by default the server response header which is nice:

 

https://support.f5.com/csp/article/K6534