Technical Tip: How to enable the security module in FortiAppSecCloud-WAF to erase HTTP Server header and X-Powered-By header

FortiAppSecCloud-WAF has the Information Leakage security module whose purpose is to erase sensitive information from the server HTTP response header or body data.

There are signatures in the category 'Server Information Disclosure' which detect and erase the common sensitive headers, such as the 'Server' header or 'X-Powered-By'.

1. Example of a website application that is showing the 'Server' header and 'X-Powered-By' header.

2. Before checking on the Information Leakage security module, make sure that the WAF Application’s Block Mode is enabled.

3. Navigate to the Information Leakage module page. Add the module from the module page if it is not available. The security module should be in 'Erase & Alert' action, and toggle to enable the Security Information Disclosure option.

4. The signature ID checks and erases the HTTP 'Server' header and 'X-Power-By' header. Both signature IDs have the sensitivity level of '4'.

• Signature ID 080200001 - Server Header:

• Signature ID 080200004 – X-Powered-By Header:

5. Navigate to the Known Attacks module page and check the Sensitivity Level. Make sure to change the Sensitivity Level to '4' and save.

6. Try to browse the testing page that is proxied through the FortiAppSecCloud-WAF endpoint. The 'Server' Header and 'X-Powered-By' Header should be erased now.

7. If the level 4 Sensitivity Level is causing a large number of false positive blocking or content erasing, revert the Sensitivity Level to 1 and use the Erase HTTP Headers module to erase the header content information. Navigate to the Information Leakage page, toggle to enable the option Erase HTTP Headers. Add the specific header name to the list.

Related documents:

Information Leakage Security Module

Known Attacks Signature Security Module