This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF - how to prevent the internet from learning your website's OS?

We have two WAF deployments protected by two different XG firewalls. Both are protecting web servers identically. Both web servers are IIS. When I query shodan.com for both IPs, it shows the following:

www server 1

Apache httpd
HTTP/1.1 403 Forbidden


www server 2
Microsoft IIS httpd8.5
HTTP/1.1 200 OK


I would like the results to always be what is reported for server 1. Is this information discoverable because of the architectures of the
website. Or is there something additional I need to change at the WAF?



This thread was automatically locked due to age.