Cloaking prevents hackers from obtaining information that could be used to launch a successful subsequent attack. HTTP headers and return codes are masked before sending a response to a client. The response headers are filtered based on the headers defined in the Headers to Filter field.
Cloaking features include:
- Removing banner headers such as "Server" from responses.
- Blocking client error (status code 4xx) and server error (status code 5xx) responses.
Steps To Configure Cloaking
- Go to the SECURITY POLICIES > Cloaking page.
- Select the policy from the Policy Name drop-down list for which you want to modify cloaking settings.
- In the Cloaking section, specify values for the following fields:
  - Suppress Return Code – When set to Yes, the Barracuda Web Application Firewall blocks an HTTP status code in the response header and inserts a default or custom response page in case of any error responses from the server. Two types of response error codes are suppressed:
    - 4xx (client): These are 400-series error codes. These codes are intended for instances when a client seems to have erred when attempting to access a Web page.
    - 5xx (server): These are 500-series error codes. These codes are intended to indicate that a server is aware that it has a problem or that it is incapable of performing a request. Example: 500: Internal Error.
    - Values: Yes, No
    - Recommended: Yes
  - Filter Response Header – Set to Yes to remove HTTP headers in the response before relaying to the client. The HTTP headers are filtered based on the headers defined in the Headers to Filter field below.
    - Values: Yes, No
    - Recommended: Yes
  - Headers to Filter – Define the HTTP headers to be removed from the response before serving it to the client.
- Click Save.
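
One way to check the effect of these settings from the client side, as an added example that is not Barracuda's code: the script parses captured raw responses and reports any header on the filter list that still reaches the client, plus any 4xx/5xx status code. The header list and sample responses are constructed for illustration (not Barracuda defaults), and treating any visible 4xx/5xx status as unsuppressed is an assumption.

```python
from email.parser import Parser

# Assumed filter list for illustration; use the values from Headers to Filter.
HEADERS_TO_FILTER = {"server", "x-powered-by", "x-aspnet-version"}

# Constructed sample responses (not captured from a real deployment).
UNCLOAKED = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.4.1 (Unix)\r\n"
    "X-Powered-By: PHP/5.4.0\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<h1>Internal Error</h1>"
)
CLEAN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    headers = Parser().parsestr(header_block, headersonly=True)
    return int(parts[1]), headers


def audit(raw, filtered=HEADERS_TO_FILTER):
    """List banner headers still present and error codes still exposed."""
    status, headers = parse_response(raw)
    findings = []
    for name, value in headers.items():
        # Header names are case-insensitive, so compare in lower case.
        if name.lower() in filtered:
            findings.append(f"header not filtered: {name}: {value}")
    if 400 <= status <= 599:
        findings.append(f"return code not suppressed: {status}")
    return findings


if __name__ == "__main__":
    for label, raw in (("uncloaked", UNCLOAKED), ("clean", CLEAN)):
        print(label, audit(raw) or "no findings")
```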