Bad Gateway exposing server header

Neeraj Mahajan 121 Reputation points
2022-12-07T07:41:13.22+00:00

Using Azure Functions

I was getting 502 Bad Gateway but it is revealing my server information in response headers. In code I have added customheaders setting already. But the thing is, I don't think it is reaching my code during 502 error. Can there be any settings done on configuration level as we are **not using APIM on this particular function app.

host.json

-------------------------------------------------------------------------

"extensions": {
"http":
{
"customHeaders": {
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Content-Security-Policy": "default-src 'self'",
"Server": "None",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY"
}
}
}

------------------------------------------------------------------------------

Below is the screenshot.268527-fe33223e-2a31-4eb7-b83c-efcdf48f93a2.jpg

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,336 questions
{count} votes

Accepted answer
  1. MughundhanRaveendran-MSFT 12,481 Reputation points
    2023-01-09T06:29:32.68+00:00

    Hi @Anonymous ,

    For a 502 response, the request will not have reached the back end worker process, so implementing changes in the web.config and global.asax would not work as it won't reach the backend server. The resulting server header is not the server header of the application’s web server, but of a proxy in between. This proxy is a Front end load balancer that forwards the requests to the backend server.

    Unfortunately, it is not possible to remove the Server header from the response generated solely by the Azure Function Front End (FE) instances/server. You can have a Azure APIM in front of the Azure functions to mask the server details.

    Hope this helps! Feel free to reach out to me if you have any questions or concerns.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.