Fortinet 406 FortiWeb 5.0 Patch 6 Administration Guide
Example: ASP .Net version & other multiple server detail leaks
Example.com is a cloud hosting provider. Because it must offer whatever services its customers' web applications require, its servers run a variety of platforms, including old, unpatched versions with known vulnerabilities that have not been configured securely. Unfortunately, these platforms advertise their presence in a variety of ways, pointing potential attackers at weaknesses. HTTP response headers are one way that web server platforms are easily fingerprinted. Example.com wants to remove unnecessary headers that reveal server details to clients, so that attackers find it harder to fingerprint its platforms and craft successful attacks. Specifically, it wants to erase these HTTP response headers:
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 3.0
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
To do this, Example.com writes 3 custom signatures, one to match and erase the contents of each header (but not the header's key), and includes these custom signatures in the signature set used by the protection profile:
Signature 1 (Server header)

Setting name      Value
Direction         Signature creation
Expression        \bServer:(.*)\b
Action            Alert & Erase
Severity          Low
Trigger Action    notification-servers1

Signature 2 (X-AspNetMvc-Version header)

Setting name      Value
Direction         Signature creation
Expression        \bX-AspNetMvc-Version:(.*)\b
Action            Alert & Erase
Severity          Low
Trigger Action    notification-servers1

Signature 3 (X-AspNet-Version header)

Setting name      Value
Direction         Signature creation
Expression        \bX-AspNet-Version:(.*)\b
Action            Alert & Erase
Severity          Low
Trigger Action    notification-servers1
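The following Python snippet is an added example, not part of the FortiWeb guide and not FortiWeb code: it emulates what the Alert & Erase action does with the three expressions above by running them over a constructed IIS/ASP.NET response and blanking only the captured group, so the header key survives while its value is removed. The sample response and the `apply_erase_signatures` / `header_values` helpers are assumptions made for the example. It also shows that the three guide signatures leave X-Powered-By untouched, and includes a hypothetical fourth expression, built on the same pattern, that would cover it.

```python
import re

# The three custom-signature expressions from the guide, verbatim.
GUIDE_SIGNATURES = [
    r"\bServer:(.*)\b",
    r"\bX-AspNetMvc-Version:(.*)\b",
    r"\bX-AspNet-Version:(.*)\b",
]

# Hypothetical fourth signature (not in the guide) for the X-Powered-By header.
EXTRA_SIGNATURE = r"\bX-Powered-By:(.*)\b"

# Constructed sample response carrying the four headers the guide wants erased.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "X-AspNet-Version: 2.0.50727\r\n"
    "X-AspNetMvc-Version: 3.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)


def apply_erase_signatures(response, signatures):
    """Emulate Alert & Erase: for each signature, remove the text matched by
    capture group 1 (the header value) and keep everything else in the match
    (the header key). Returns (rewritten_response, alerts), where alerts is a
    list of (expression, erased_value) pairs, one per match."""
    head, sep, body = response.partition("\r\n\r\n")
    alerts = []
    for sig in signatures:
        pattern = re.compile(sig)

        def erase(m, sig=sig):
            alerts.append((sig, m.group(1).strip()))
            whole = m.group(0)
            # Keep the part of the match before group 1 and after it; drop group 1.
            return whole[: m.start(1) - m.start(0)] + whole[m.end(1) - m.start(0):]

        # Only the header block is scanned; the body is passed through untouched.
        head = pattern.sub(erase, head)
    return head + sep + body, alerts


def header_values(response):
    """Parse the header block into {key: value} for inspection."""
    head = response.partition("\r\n\r\n")[0]
    values = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, _, value = line.partition(":")
        values[key] = value.strip()
    return values


if __name__ == "__main__":
    rewritten, alerts = apply_erase_signatures(SAMPLE_RESPONSE, GUIDE_SIGNATURES)
    for sig, erased in alerts:
        print(f"alert: {sig} erased {erased!r}")
    print(rewritten)
```

Two properties of the expressions are worth knowing before reusing them. Because the trailing `\b` is a word boundary, a value that ends in a non-word character (for example a closing parenthesis) keeps that trailing character after the erase; and because `\b` is also satisfied between a hyphen and a letter, `\bServer:(.*)\b` matches any header name that ends in `-Server:` as well as `Server:` itself, which is usually harmless for this purpose but should be checked against the headers your own applications emit.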