How to fix Proxy Disclosure Using CDN Frontend ?
Hi Team,
I need your help for these points to fix Proxy Disclosure, so my questions are how to :
1- Disable the 'TRACE' method on the proxy servers, as well as the origin web/application server.
2- Disable the 'OPTIONS' method on the proxy servers, as well as the origin web/application server, if it is not required for other purposes, such as 'CORS' (Cross Origin Resource Sharing).
3- Configure the web and application servers with custom error pages, to prevent 'fingerprintable' product-specific error pages being leaked to the user in the event of HTTP errors, such as 'TRACK' requests for non-existent pages.
4- Configure all proxies, application servers, and web servers to prevent disclosure of the technology and version information in the 'Server' and 'X-Powered-By' HTTP response headers.
This is a table specifying theneeds:
Evidence
Thanks for your feedback.