Connect with us

Hi, what are you looking for?

Apache

Using your Citrix NetScaler for Microsoft IIS or Apache http server header obfuscation

Masking the web server software in your http header/http server banner (server header obfuscation) is an important layer of security you might want to implement since it can be accomplished so easily on a Netscaler. It’s a layer of security you can add to prevent someone from telling what kind of web server you are running, such as Microsoft IIS or Apache, though it is still quite possible to figure out depending on your environment and application so don’t rely on it too much. The thought is an attacker scans for certain versions of a web server that have known vulnerabilities and begins running attacks for that specific web server software to see if those vulnerabilities have been patched or not. They can do this programmatically so changing the header to say something else is a layer of security that can prevent them from easily figuring out what your web environment infrastructure is like.

You will notice that Chase.com uses “JPMC1.0”:

Amazon.com uses just “Server”:

Advertisement. Scroll to continue reading.

Google.com uses “gws”:

This can be done very easily using rewrite policies on the Netscaler. Catherine Hampton wrote a great article over at the Citrix Developer Network on how to do this:

http://community.citrix.com/display/ns/Using+Rewrite+to+Improve+Web+Server+Security

Advertisement. Scroll to continue reading.

And if you want to read more about web server fingerprinting, check Net-square’s website and their httprint tool:

http://www.net-square.com/httprint.html

Saumil Shah at Net-square wrote an excellent and very thorough article on HTTP fingerprinting here:

Advertisement. Scroll to continue reading.

http://www.net-square.com/httprint_paper.html

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Apache

Today I would like to go over proper URL redirection when using SSL but first I would like to preface this by describing what...

Exchange 2003

A useful Exchange 2003 guide I wrote for a friend’s blog originally but I am posting it here on mine now for your viewing...

Citrix Workspace

You can use FIDO2 hardware security keys plugged into your physical desktop over the Citrix HDX remoting protocol for use with virtualized Windows Desktop...

Cloud Design Architecture

The community-driven paperback book initiated by my friends Bas van Kaam and Christiaan Brinkhoff is available for sale on Amazon. If you haven’t picked...

Advertisement

JasonSamuel.com was launched in 2008 as a platform to give back to the IT community by sharing knowledge and expertise. Over the years, it has become a trusted global resource for the latest insights, how-to guides, and thought leadership on enterprise mobility, security, virtualization, cloud architecture, automation, and other cutting-edge technologies. Today, it serves as a go-to reference hub for IT professionals, attracting hundreds of thousands of unique visitors from around the world each month. Learn more on the About Me page.
Copyright © 2008-2025 JasonSamuel.com