Identify web defensive services
An adversary can attempt to identify web defensive services as CloudFlare, IPBan, and Snort. This may be done by passively detecting services, like CloudFlare routing, or actively, such as by purposefully tripping security defenses. 
Tactic: Technical Information Gathering
DetectionDetectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Active service detection may trigger an alert. Passive service enumeration is not detected.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): Yes
Explanation: Adversary can passively detect services (e.g., [https://www.cloudflare.com/ CloudFlare] routing) or actively detect services (e.g., by purposefully tripping security defenses)
- Paulino Calderon. (n.d.). http-waf-detect. Retrieved April 2, 2017.