Secure Mobile Access 100 10.2 Administration Guide

Configuring Web Site Cloaking

Under Web Site Cloaking, you can filter out headers in response messages that could provide information to clients about the backend Web server that could possibly be used to find a vulnerability.

To configure Web site cloaking

  1. Expand the Web Site Cloaking section.
  2. In the Block Response Header fields, select Manual and type the server host name into the first field and type the header name into the second field, then click Add.

    For example, if you set the host name to “webmail.xyz.com” and the header name to “X-OWA-version,” headers with the name “X-OWA-version” from host “webmail.xyz.com” is blocked. In general, listed headers are not sent to the client if an HTTP/HTTPS bookmark or off-loaded application is used to access a listed Web server.

    To block a certain header from all hosts, set the host name to an asterisk (*). You can add up to 64 host/header pairs. In the HTTP protocol, response headers are not case-sensitive.

  3. To remove a host/header pair from the list to be blocked, select the pair in the text box and then click Delete.
  4. When finished, click Accept.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.