The ISA Firewall’s HTTP Security Filter can be used for both inbound and outbound HTTP connections made through your ISA Firewall. In a Web Publishing scenario, you might want to change the HTTP Server header returned by your Web server to confuse an attacker about what type of Web server you’re publishing. This is helpful because if you return a server header for a Web server that is different from the actual Web server, the little savages who try to attack your Web server will waste a good amount of time trying to exercise exploits that your actual Web server is immune to. The twerps will tire and move on to their next victim if they have to waste too much time on your published server.
Open the HTTP Security Filter for your Web Publishing Rule and click the Headers tab. Here you have the option to change the Server header by selecting the Modify header in response option from the Server Header drop-down list.
In Server Header, specify how the server header will be returned in the response. The Server header is a response header containing information about the server application and its software version, for example, HTTP: Server = Microsoft-IIS/6.0.
The possible settings are:
- Send original header. The original header will be returned in the response.
- Strip header from response. No header will be returned in the response. This isn’t any fun, because the attacker will try IIS 5.0-related exploits first. We really want to throw him off track!
- Modify. A modified header will be returned in the response. If you select this option, in Change to, type the value that will appear in the response. You should modify the server header. The value that will appear in the response can be any value, because the server header is rarely used by clients, but is used by miscreants and other criminal types.
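After saving the rule, it is worth confirming which of the three settings the published responses actually reflect. The following is an added example, not part of the original article: it compares a response captured from the Web server directly with one captured through the publishing rule. The function names, the sample responses and the Change to value `ExampleServer/1.0` are constructed for illustration.

```python
# Added example (not from the original article). Classifies which Server Header
# setting a published response reflects. All sample responses are constructed.

def parse_headers(raw: bytes) -> dict:
    """Return {lowercased-name: [values]} from the header block of a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")  # ignore the body
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def classify_server_header(origin_raw: bytes, published_raw: bytes, configured: str) -> str:
    """Map the published response to one of the filter's settings.

    'stripped'   - no Server header reached the client
    'modified'   - exactly one Server header, equal to the Change to value
    'original'   - the Web server's real banner still reaches the client
    'unexpected' - some other value; re-check the rule
    """
    origin = parse_headers(origin_raw).get("server", [])
    published = parse_headers(published_raw).get("server", [])
    if not published:
        return "stripped"
    if published == [configured]:
        return "modified"
    if any(value in origin for value in published):
        return "original"  # includes the case where both banners are present
    return "unexpected"

CONFIGURED = "ExampleServer/1.0"  # hypothetical Change to value
ORIGIN = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nServer: Microsoft-IIS/6.0\r\n\r\n"
PUB_MODIFIED = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nserver: ExampleServer/1.0\r\n\r\n"
PUB_STRIPPED = b"HTTP/1.1 200 OK\r\nContent-Length: 26\r\n\r\nServer: Microsoft-IIS/6.0\n"
PUB_LEAK = (b"HTTP/1.1 200 OK\r\nServer: ExampleServer/1.0\r\n"
            b"Server: Microsoft-IIS/6.0\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("modified rule", PUB_MODIFIED), ("strip rule", PUB_STRIPPED),
                       ("no rule", ORIGIN), ("duplicate banner", PUB_LEAK)]:
        print(label, "->", classify_server_header(ORIGIN, raw, CONFIGURED))
```

Header names are matched case-insensitively, and text in the response body that merely looks like a Server header is ignored.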