Share via

Server Discloses Software Version (Expose Server in Response Header)

Krischell Villadulid 5 Reputation points
2023-09-27T21:04:45.6066667+00:00

Server Discloses Software Version (Expose Server in Response Header)

Details: Server Name expose in Response Header

User's image

Solution Tried but it didn't solve the issue:

  1. Configure Azure by creating new rules

User's image

  1. Add/configure web.config

User's image

  1. Created class in program.cs

User's image

Note: I cant find NGINX in application gateway and web app services.

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,217 questions
Exchange | Exchange Server | Development
Exchange | Exchange Server | Management
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,961 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. VenkateshDodda-MSFT 25,111 Reputation points Microsoft Employee Moderator
    2023-09-28T09:12:07.4866667+00:00

    @Krischell Villadulid Thanks for reaching out to Microsoft Q&A, apologize for any inconvenience caused on this.

    Based on the shared information, I have understood that you are trying to eliminate the Server header from the app service response and also, I assume that your application is running on Linux app service Plan.

    If yes, you can follow the below set of instructions on remove/eliminate the server header.

    1. SSH your web app through https://SITE-NAME-HERE.scm.azurewebsites.net/webssh
    2. Copy the existing nginx.conf file with cp /etc/nginx/nginx.conf /home/site
    3. Modify the ngixn.conf file with using editor like nano /home/site/nginx.conf or vi /home/site/nginx.conf
    4. Uncomment server_tokens off under http section also add this more_clear_headers 'Server'; and save the file.

    enter image description here

    • Create a startup script in any location inside home directory, example: /home/site/startup.sh with the following content:
    #!/bin/bash
 apt-get update && apt-get install -y nginx-extras
 cp /home/site/nginx.conf /etc/nginx/nginx.conf
 service nginx reload

    Update Startup Command using Azure Portal from Configuration -> General Settings with the startup script location /home/site/startup.sh

    User's image

    Or using Azure CLI:

    az webapp config set --resource-group <resource-group-name> --name <app-name> --startup-file "/home/site/startup.sh"

    I have tested this in my local environment it is working fine, and I would suggest you validate from your end as well.

    Feel free to reach back to me if you have any further questions on this.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.