Security Best Practice: Familiarize Yourself with the Header Spoofing Protection
| Check Point Reference: | SBP-2008-22 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | IPS Research Center | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Web Servers | ||
| Vulnerability Description One of the first steps an attacker takes before attacking a website is to analyze the web server response in order to gather as much information as possible about it. This is known as "fingerprinting". |
||
|
Vulnerability Details Some headers in the HTTP response from the web server contain information that can be used by an attacker to identify the web server. The attacker can then launch an attack that exploits weaknesses in that particular web server. |
Protection Overview
This protection allows you to remove or change a specific header (that can appear in the HTTP Response) by giving a regular expression to identify the header name and header value. For example, a typical server header will contain the web server name and version number. Use this protection to spoof out the version information.
To configure the defense, select your product from the list below and follow the related protection steps.