Security Through Obscurity — Use the ISA Firewall to Modify Your Server Header

The ISA Firewall’s HTTP Security Filter can be used for both inbound and outbound HTTP connections made through your ISA Firewall. In a Web Publishing scenario, you might want to change the HTTP Server header returned by your Web server to confuse an attacker about what type of Web server you’re publishing. This is helpful because if you return a Server header for a Web server that is different from the actual Web server, the little savages who try to attack your Web server will waste a good amount of time trying exploits that your actual Web server is immune to. The twerps will tire and move on to their next victim if they have to waste too much time on your published server.

Open the HTTP Security Filter for your Web Publishing Rule and click the Headers tab. Here you can change the Server header by selecting the Modify header in response option from the Server Header drop-down list.

In Server Header, specify how the server header will be returned in the response. The Server header is a response header containing information about the server application and software version information, for example, HTTP: Server = Microsoft-IIS/6.0.

The possible settings are:

  • Send original header. The original header will be returned in the response.
  • Strip header from response. No header will be returned in the response. This isn’t any fun, because the attacker will try IIS 5.0 related exploits first. We really want to throw him off track!
  • Modify. A modified header will be returned in the response. If you select this option, in Change to, type the value that will appear in the response. You should modify the server header. The value that will appear in the response can be any value, because the server header is rarely used by clients, but is used by miscreants and other criminal types.

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org

Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7

Email: tshinder@isaserver.org

MVP — Microsoft Firewalls (ISA)
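
A check for confirming which of the three Server Header settings a published site is actually returning, as an added example that is not part of the original post: it parses a raw HTTP response and classifies the Server header. The sample responses, the `ExampleServer/1.0` value and the function names are constructed for illustration.

```python
"""Classify which Server Header setting a captured HTTP response reflects."""

# Constructed sample responses (not captured from any real server).
ORIGINAL = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Server: Microsoft-IIS/6.0\r\nContent-Length: 2\r\n\r\nok")
STRIPPED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: 2\r\n\r\nok")
# Header names are case-insensitive and values may carry stray whitespace.
MODIFIED = (b"HTTP/1.1 200 OK\r\nserver:  ExampleServer/1.0 \r\n"
            b"Content-Length: 2\r\n\r\nok")
# A body that mentions the banner must not be mistaken for a header.
BODY_ONLY = (b"HTTP/1.1 200 OK\r\nContent-Length: 25\r\n\r\n"
             b"Server: Microsoft-IIS/6.0")


def server_headers(raw: bytes) -> list[str]:
    """Return every Server header value found in the header block only."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    values = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            values.append(value.strip().decode("latin-1"))
    return values


def classify(raw: bytes, backend_banner: str) -> str:
    """Map a response to the setting it reflects: original, stripped or modified."""
    values = server_headers(raw)
    if not values:
        return "stripped"
    # Any value naming the real product counts as the original leaking through,
    # even if only the version part was changed.
    product = backend_banner.split("/")[0].lower()
    if any(product in v.lower() for v in values):
        return "original"
    return "modified"


if __name__ == "__main__":
    for label, raw in [("ORIGINAL", ORIGINAL), ("STRIPPED", STRIPPED),
                       ("MODIFIED", MODIFIED), ("BODY_ONLY", BODY_ONLY)]:
        print(label, "->", classify(raw, "Microsoft-IIS/6.0"))
```
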

5 Responses to “Security Through Obscurity — Use the ISA Firewall to Modify Your Server Header”

  1. vern leblanc Says:

    October 11th, 2006 at 3:05 pm

    The site isatools.org is referred to in many of your articles. It is no longer available! Is there another site for the same tools?

  2. Thomas Shinder Says:

    October 11th, 2006 at 7:26 pm

    Hi Vern,

    I’m having no problems getting to www.isatools.org

    Tom

  3. Jason Jones Says:

    October 12th, 2006 at 5:23 pm

    Fun but pointless….any decent attacker will likely use a fingerprinting tool or method to determine the web server type…checking HTTP headers is very basic stuff ;-)

  4. Thomas Shinder Says:

    October 12th, 2006 at 6:37 pm

    Sure, but it keeps the click-kiddies at bay :)

  5. zohaib Says:

    October 13th, 2006 at 7:04 pm

    nothing.
