Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

How to block web site technologies information with ASM/Advance WAF

Go to solution
pinkzeppelin
Altostratus
Altostratus

‎10-Apr-2023 01:04

Hi,

How can we block what technologies are used on our website on ASM to protect web-sites like buildwith.com.

Thanks.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Daniel_Wolf
Nacreous
Nacreous

‎10-Apr-2023 08:07 - edited ‎10-Apr-2023 08:07

Hi @pinkzeppelin,

it is difficult to block sites like builtwith or wappalyzer from profiling your web application.
builtwith offers a site for removing your site data: https://builtwith.com/removals 
wappalyzer offers some guidance how to hide the technologies you are using from their scanner: https://www.wappalyzer.com/articles/how-to-hide-technologies-from-wappalyzer/

Also F5 offers some guidance and also some information on why it is difficult to hide your technology: K35304481: Is there any way to prevent ''Wappalyzer'' from detecting my server technology by F5 ASM? 

These tools are often using your browser for profiling the technologies of a website. Webservers, frameworks and CMS can be easily identified by Headers, file extensions or cookies. You cannot identify these tools by their user-agent or source IPs. Best you can do is to hide and obfuscate your technology stack.

KR
Daniel

View solution in original post

6 REPLIES 6

Go to solution
Samir
MVP
MVP

‎10-Apr-2023 03:51

Question is not clear. what you wanted to block. Share more details for help

0 Kudos

Go to solution
Daniel_Wolf
Nacreous
Nacreous

‎10-Apr-2023 08:07 - edited ‎10-Apr-2023 08:07

Hi @pinkzeppelin,

it is difficult to block sites like builtwith or wappalyzer from profiling your web application.
builtwith offers a site for removing your site data: https://builtwith.com/removals 
wappalyzer offers some guidance how to hide the technologies you are using from their scanner: https://www.wappalyzer.com/articles/how-to-hide-technologies-from-wappalyzer/

Also F5 offers some guidance and also some information on why it is difficult to hide your technology: K35304481: Is there any way to prevent ''Wappalyzer'' from detecting my server technology by F5 ASM? 

These tools are often using your browser for profiling the technologies of a website. Webservers, frameworks and CMS can be easily identified by Headers, file extensions or cookies. You cannot identify these tools by their user-agent or source IPs. Best you can do is to hide and obfuscate your technology stack.

KR
Daniel

Go to solution
pinkzeppelin
Altostratus
Altostratus
In response to Daniel_Wolf

‎11-Apr-2023 06:00

Thank you @Daniel_Wolf . 

@Gajji Irule is the only solution I guess.

0 Kudos

Go to solution
Gajji
Cirrostratus
Cirrostratus

‎11-Apr-2023 00:36

@Daniel_Wolf Irule can not help in this case?

Irule to inspect the HTTP headers of incoming requests and blocking any requests that contain information about specific technologies.

0 Kudos

Go to solution
Daniel_Wolf
Nacreous
Nacreous
In response to Gajji

‎11-Apr-2023 09:08 - edited ‎11-Apr-2023 09:16

I would not know how iRules can help. Both, wappalyzer and builtwith, either come as a browser plugin or they offer an API.

The browser plugin creates a profile of your web application and its technologies from the HTTP responses that your browser gets, it does not add extra requests or headers. You won't even notice that a visitor has it installed in his or her browser.

0 Kudos

Go to solution
Gajji
Cirrostratus
Cirrostratus
In response to Daniel_Wolf

‎12-Apr-2023 06:40

OK need to test then with few cases in hand

0 Kudos
Copyright © 2023 Khoros, LLC