/
Configuring Cloaking

Configuring Cloaking

Nov 26, 2018

Cloaking prevents hackers from obtaining information that could be used to launch a successful subsequent attack. HTTP headers and return codes are masked before sending a response to a client. The response headers are filtered based on the headers defined in the Headers to Filter field.

Cloaking features include:

  • Removing banner headers such as "Server" etc from responses.

  • Blocking client error (status code 4xx) and server error (status code 5xx) responses.

Steps To Configure Cloaking

When Suppress Return Code is set to Yes, the Barracuda Web Application Firewall inserts a default or custom response page in case of any error responses from the server. Typically, the Barracuda Web Application Firewall uses the default response page for error responses from the server. You can define custom response page on the ADVANCED > Libraries > Response Pages section using Add Response Page. The default response page can be replaced with the custom response page on:

  • SECURITY POLICIES > Action Policy

  • SECURITY POLICIES > Global ACLs > Existing Global ACLs

  • WEBSITES > Allow/Deny > URL : Allow/Deny Rules

We value your feedback.
If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
For general product inquiries or technical support, please contact the global Barracuda Support team.