Block or Disable HTTP Server Version Information on ASA?

Unanswered Question
Jun 24th, 2010
User Badges:

Is there a way within the ASA that I can block or disable the http header information obtained during external scans? Specifically the http server version 1.0 etc.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Panos Kampanakis Thu, 06/24/2010 - 10:41
User Badges:
  • Cisco Employee,

"no http server enable" will stop the ASA from doing HTTP.

Not if you are doing webvpn then you can't avoid it responding to HTTP requests.

I hope it helps.


motown5069 Thu, 06/24/2010 - 10:45
User Badges:

pkampana: We are indeed using the webvpn functionality within the appliance for ssl remote access sessions. Do you know if there is any documentation that supports this position? It can't be disabled in other words? I have not been able to find it. Thanks a million for your response also!

David White Thu, 06/24/2010 - 21:00
User Badges:
  • Cisco Employee,

There is no documentation (other than this post) that indicates that the version in the ASA's web server can't be


However, please be aware that the ASA web server is custom built, for a very specific capability (management and webvpn), and as such generally doesn't suffer from any of the vulnerabilities that exist in standard web servers.



motown5069 Tue, 06/29/2010 - 07:49
User Badges:

Thank you for the follow up information David! Great information and Forum.


This Discussion