This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF - how to prevent the internet from learning your website's OS?

We have two WAF deployments protected by two different XG firewalls. Both are protecting web servers identically. Both web servers are IIS. When I query shodan.com for both IPs, it shows the following:

www server 1

Apache httpd
HTTP/1.1 403 Forbidden


www server 2 
Microsoft IIS httpd8.5
HTTP/1.1 200 OK


I would like the results to always be what is reported for server 1. Is this information discoverable because of the architectures of the
website. Or is there something additional I need to change at the WAF?

This thread was automatically locked due to age.

Parents

0 FormerMember over 3 years ago

Hi TimAlbertson,

Thank you for reaching out to the Communtiy!

Is there any DNAT rule configured on your firewall for the same server? Are you running this test from the external network?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 FormerMember over 3 years ago

Hi TimAlbertson,

Thank you for reaching out to the Communtiy!

Is there any DNAT rule configured on your firewall for the same server? Are you running this test from the external network?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data