Readily available tools on the Internet make it easy for hackers to scan any Web site, determine how the applications were built, what kind of servers the applications are running on, and which URLs contain vulnerabilities – leaving these sites vulnerable to potential attacks. In addition, automated worms and botnets can scan the Internet for specific server types with known vulnerabilities in order to launch attacks.
Barracuda Web Application Controllers protect against this with Web site cloaking technology that makes application infrastructure invisible to hackers or bots scanning for vulnerabilities. With Barracuda Web Application Controllers there is zero visibility into what types of Web servers, application servers, operating systems and patch levels are running on the protected applications. By hiding HTTP return codes, headers, and back-end IP addresses, Barracuda Web Application Controllers’ Web site cloaking mechanism effectively conceals all the information that could potentially be used to build an attack against applications or application servers.
Web site cloaking alone thwarts a significant amount of would-be application and Web server attacks. Combining cloaking with Barracuda Web Application Controllers’ suite of additional security features provides the protection needed for Web applications that deploy directly onto the Internet.
Further optimization of Web site cloaking can be done by doing an HTTP header re-write and URL translations, thus completely covering up the internal URL space. In addition, Barracuda Web Application Controllers’ HTTP header re-write and URL translation features can be used for other purposes, such as sending authentication data to the Web servers.
- HTTP header re-write
Barracuda Web Application Controllers can perform HTTP header rewrites, which remove or rewrite sensitive header information before it reaches the user. The header re-write functionality can also be used for enhanced traffic management, or to add unique functionality to an application. For example, custom headers can be generated to convey user information to the application. - URL translations
Attackers can often gather information about internal server and directory structure by simply looking at the URLs that show up in the user’s browser. In addition, these URLs can often be messy and cumbersome for users. Because of this it makes sense to separate how the outside world views/names a Web site from the way it is actually physically structured. Barracuda Networks calls this capability Web Address Translation (WAT), a technology that NetContinuum (now part of Barracuda Networks) developed in 2006 and submitted to the Internet Engineering Task Force (IETF) for consideration as an industry standard. With WAT Barracuda Web Application Controllers essentially translate URL addresses from exterior to interior DNS namespaces giving administrators full control over what address users see at all times and to hide the complexity of rapidly changing internal application structures behind a simple external URL name.