Example: ASP .Net version & other multiple server detail leaks
Example.com is a cloud hosting provider. Because it must offer whatever services its customers' web applications require, its servers run a variety of platforms, including old, unpatched versions with known vulnerabilities that have not been configured securely. Unfortunately, these platforms advertise their presence in a variety of ways, pointing potential attackers at weaknesses. HTTP response headers are one way that web server platforms are easily fingerprinted. Example.com wants to remove unnecessary headers that reveal server details to clients, to make it harder for attackers to fingerprint its platforms and craft successful attacks. Specifically, it wants to erase the values of these HTTP response headers:
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 3.0
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
To do this, Example.com writes 3 custom signatures, one to match and erase the contents of each header (but not the header’s key), and includes these custom signatures in the signature set used by the protection profile:
Signature creation (Server header)
Setting name      Value
Expression        \bServer:(.*)\b
Action            Alert & Erase
Severity          Low
Trigger Action    notification-servers1

Signature creation (X-AspNetMvc-Version header)
Setting name      Value
Expression        \bX-AspNetMvc-Version:(.*)\b
Action            Alert & Erase
Severity          Low
Trigger Action    notification-servers1

Signature creation (X-AspNet-Version header)
Setting name      Value
Expression        \bX-AspNet-Version:(.*)\b
Action            Alert & Erase
Severity          Low
Trigger Action    notification-servers1

Signature creation (X-Powered-By header)
Setting name      Value
Expression        \bX-Powered-By:(.*)\b
Action            Alert & Erase
Severity          Low
Trigger Action    notification-servers1
The result is that the client receives HTTP responses with headers such as:
Server: XXXXXXXX
X-Powered-By: XXXXXXXX
X-AspNet-Version: XXXXXXXX
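As an added illustration (not code from this page or from the product it documents), the following Python script applies the four expressions above to a constructed HTTP response and masks only the captured header value, leaving the key intact. It also shows a caveat of the trailing \b in those expressions: a value that ends in a non-word character such as ")" keeps that character after erasure. The TIGHTER_SIGNATURES variant, which is an assumption of this example rather than a page recommendation, matches to end of line instead and erases the whole value.

```python
import re
# Constructed sample response (not a capture from the original page).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "X-AspNet-Version: 2.0.50727\r\n"
    "X-AspNetMvc-Version: 3.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)
# Constructed response whose Server value ends in a non-word character.
RESIDUE_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache/2.4 (Ubuntu)\r\n\r\n"
# The four expressions exactly as the page defines them.
SIGNATURES = [re.compile(p) for p in (
    r"\bServer:(.*)\b",
    r"\bX-AspNetMvc-Version:(.*)\b",
    r"\bX-AspNet-Version:(.*)\b",
    r"\bX-Powered-By:(.*)\b",
)]
# Assumed tighter variant (not from the page): capture up to end of line instead
# of ending at \b, so a value ending in ")" or "/" is erased completely.
TIGHTER_SIGNATURES = [re.compile(p) for p in (
    r"\bServer:([^\r\n]*)",
    r"\bX-AspNetMvc-Version:([^\r\n]*)",
    r"\bX-AspNet-Version:([^\r\n]*)",
    r"\bX-Powered-By:([^\r\n]*)",
)]
MASK = "XXXXXXXX"

def _mask_value(m):
    """Replace only capture group 1 (the header value); keep the key and the
    whitespace after the colon so the header stays well formed."""
    value = m.group(1)
    lead = value[: len(value) - len(value.lstrip())]
    head = m.group(0)[: m.start(1) - m.start(0)]
    tail = m.group(0)[m.end(1) - m.start(0):]
    return head + lead + MASK + tail

def erase_header_values(response, signatures=SIGNATURES):
    """Apply every signature to the response text; return the rewritten response
    and the patterns that matched (what the Alert half of Alert & Erase logs)."""
    matched = []
    for sig in signatures:
        response, hits = sig.subn(_mask_value, response)
        if hits:
            matched.append(sig.pattern)
    return response, matched
```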
 
To improve performance, Example.com could use the attack logs generated by these signature matches to notify system administrators to disable version headers on their web servers. As each customer's web server is reconfigured properly, fewer responses would need their headers rewritten, reducing the memory and processor power spent on the erasures.
See also
Defining custom data leak & attack signatures