It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Barracuda WAF-as-a-Service

Overview Documentation Training Certification Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Response Cloaking

Last updated on 2020-06-16 16:41:58

You can set WAF-as-a-Service to cloak the return of an HTTP status code in a response header. This code is returned from a server if there is a problem with the browser or the server. With this code suppressed, details of your infrastructure are obscured; the client will not know whether there is a problem with the client or the server.

Cloaking features include:

Removing banner headers, such as Server, from responses.
Blocking client error (status code 4xx) and server error (status code 5xx) responses.

Two types of response error codes are suppressed:

400-499 (client) – Codes intended for instances when a client seems to have erred when attempting to access a Web page.
Note that the codes 401 and 407 are not suppressed since these are for authentication and the clients need to see them to return the authentication credentials.
500-599 (server) – Codes intended to indicate that a server is aware that it has a problem or that it is unable to perform a request. Example: 500 – Internal Error.

You can also specify certain status codes that you want to allow through.

You can also set WAF-as-a-Service to remove sensitive headers from a server's response before returning it to the client. This prevents users from seeing information about your web server and operating system versions. You can specify which types of headers you want to cloak.

Previous Article Next Article