https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483588#M708383 <HTML><HEAD></HEAD><BODY><P>"no http server enable" will stop the ASA from doing HTTP.</P><P>Not if you are doing webvpn then you can't avoid it responding to HTTP requests.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Thu, 24 Jun 2010 17:41:40 GMT Panos Kampanakis 2010-06-24T17:41:40Z https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483587#M708374 <P>Is there a way within the ASA that I can block or disable the http header information obtained during external scans? Specifically the http server version 1.0 etc.</P> Mon, 11 Mar 2019 18:03:15 GMT https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483587#M708374 motown5069 2019-03-11T18:03:15Z https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483588#M708383 <HTML><HEAD></HEAD><BODY><P>"no http server enable" will stop the ASA from doing HTTP.</P><P>Not if you are doing webvpn then you can't avoid it responding to HTTP requests.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Thu, 24 Jun 2010 17:41:40 GMT https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483588#M708383 Panos Kampanakis 2010-06-24T17:41:40Z https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483589#M708392 <HTML><HEAD></HEAD><BODY><P>pkampana: We are indeed using the webvpn functionality within the appliance for ssl remote access sessions. Do you know if there is any documentation that supports this position? It can't be disabled in other words? I have not been able to find it. Thanks a million for your response also!</P></BODY></HTML> Thu, 24 Jun 2010 17:45:48 GMT https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483589#M708392 motown5069 2010-06-24T17:45:48Z https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483590#M708400 <HTML><HEAD></HEAD><BODY><P>There is no documentation (other than this post) that indicates that the version in the ASA's web server can't be</P><P>removed/disabled.</P><P></P><P>However, please be aware that the ASA web server is custom built, for a very specific capability (management and webvpn), and as such generally doesn't suffer from any of the vulnerabilities that exist in standard web servers.</P><P></P><P>Sincerely,</P><P><BR />David.</P></BODY></HTML> Fri, 25 Jun 2010 04:00:42 GMT https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483590#M708400 David White 2010-06-25T04:00:42Z https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483591#M708406 <HTML><HEAD></HEAD><BODY><P>Thank you for the follow up information David! Great information and Forum.</P></BODY></HTML> Tue, 29 Jun 2010 14:49:09 GMT https://community.cisco.com/t5/network-security/block-or-disable-http-server-version-information-on-asa/m-p/1483591#M708406 motown5069 2010-06-29T14:49:09Z