Block or Disable HTTP Server Version Information on ASA?

Unanswered Question
Jun 24th, 2010

Is there a way within the ASA that I can block or disable the http header information obtained during external scans? Specifically the http server version 1.0 etc.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Panos Kampanakis Thu, 06/24/2010 - 10:41

"no http server enable" will stop the ASA from doing HTTP.

Not if you are doing webvpn then you can't avoid it responding to HTTP requests.

I hope it helps.

PK

motown5069 Thu, 06/24/2010 - 10:45

pkampana: We are indeed using the webvpn functionality within the appliance for ssl remote access sessions. Do you know if there is any documentation that supports this position? It can't be disabled in other words? I have not been able to find it. Thanks a million for your response also!

David White Thu, 06/24/2010 - 21:00

There is no documentation (other than this post) that indicates that the version in the ASA's web server can't be

removed/disabled.

However, please be aware that the ASA web server is custom built, for a very specific capability (management and webvpn), and as such generally doesn't suffer from any of the vulnerabilities that exist in standard web servers.

Sincerely,


David.

motown5069 Tue, 06/29/2010 - 07:49

Thank you for the follow up information David! Great information and Forum.

Actions

This Discussion