Example 4: Mask the HTTP Server Type

Example Inc. wants to modify the HTTP Server: header so that unauthorized users and malicious code cannot use the header to identify the software that the HTTP server uses.

To modify the HTTP Server: header, you would create a rewrite action and a rewrite policy with the values in the following tables.

| Action Name | Type of Rewrite Action | Expression to choose target reference | String expression for replacement text |
| --- | --- | --- | --- |
| Action-Rewrite-Server_Mask | REPLACE | HTTP.RES.HEADER("Server") | "Web Server 1.0" |

| Policy Name | Action Name | Undefined Action | Expression |
| --- | --- | --- | --- |
| Policy-Rewrite-Server_Mask | Action-Rewrite-Server_Mask | NOREWRITE | HTTP.RES.IS_VALID |

You would then globally bind the rewrite policy, assigning a priority of 100 and setting the Goto Priority Expression of the policy to END.

The HTTP Server: header is now modified to read “Web Server 1.0,” masking the actual HTTP server software used by the Example Inc. Web site.
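
One way to confirm the result, as an added example that is not part of the original page: the script below parses a response's headers and checks that every Server header carries only the masked string. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a response's Server header shows only the masked value.
EXPECTED_SERVER='Web Server 1.0'   # replacement string from the rewrite action

# server_values: read raw response headers on stdin and print each Server header
# value. Header names are matched case-insensitively; CRLF line ends are stripped.
server_values() {
    awk '
        { sub(/\r$/, "") }
        $0 == "" { exit }                    # blank line ends the header block
        {
            i = index($0, ":")
            if (i == 0) next                 # status line or malformed line
            name = tolower(substr($0, 1, i - 1))
            if (name != "server") next
            value = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            print value
        }'
}

# check_server_mask: return 0 if every Server header equals the masked value,
# 1 if any value differs (software still disclosed), 2 if no Server header is found.
check_server_mask() {
    values=$(server_values)
    [ -n "$values" ] || return 2
    printf '%s\n' "$values" | while IFS= read -r v; do
        [ "$v" = "$EXPECTED_SERVER" ] || exit 1
    done
}

# Constructed sample responses (not captured from a real site).
sample_masked() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nserver: Web Server 1.0\r\n\r\n'
}
sample_unmasked() {
    printf 'HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.4.1 (Unix)\r\n\r\n'
}
sample_no_header() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

# Run the check over each constructed sample and show its exit status.
for s in sample_masked sample_unmasked sample_no_header; do
    rc=0; $s | check_server_mask || rc=$?
    echo "$s -> $rc"
done
```

Against a live site, the same check can be fed from `curl -sI <url> | check_server_mask`, run once through the appliance and once directly against the back-end server to compare.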
