It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda WAF-as-a-Service

Response Cloaking

  • Last updated on

You can set WAF-as-a-Service to cloak the return of an HTTP status code in a response header. This code is returned from a server if there is a problem with the browser or the server. With this code suppressed, details of your infrastructure are obscured; the client will not know whether there is a problem with the client or the server.

Cloaking features include:

  • Removing banner headers, such as Server, from responses.
  • Blocking client error (status code 4xx) and server error (status code 5xx) responses.

Two types of response error codes are suppressed:

  • 400-499 (client) Codes intended for instances when a client seems to have erred when attempting to access a Web page.

    Note that the codes 401 and 407 are not suppressed since these are for authentication and the clients need to see them to return the authentication credentials. 

  • 500-599 (server)   Codes intended to indicate that a server is aware that it has a problem or that it is unable to perform a request. Example: 500 Internal Error.

You can also specify certain status codes that you want to allow through. 

You can also set WAF-as-a-Service to remove sensitive headers from a server's response before returning it to the client. This prevents users from seeing information about your web server and operating system versions. You can specify which types of headers you want to cloak. 

Last updated on