App gateway v2 - unable to remove Server response header with response code 501

Stanislav Harvan 21 Reputation points
2021-11-15T12:35:50.397+00:00

I'm having a vulnerability when getting a response with HTTP code 501. I'm getting the Server field in the headers:
"Server" key, value "Microsoft-Azure-Application-Gateway/v2"
And also

I'm using Azure Application Gateway v2 to use rewrite rules to solve this. With the rewrite, I can delete the Server key in the response headers when getting 2xx HTTP codes, but for responses with 4xx and 5xx I'm still getting the Server key in the headers. How can I resolve this?

Thanks in advance.

Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

Accepted answer
  1. GitaraniSharma-MSFT 47,011 Reputation points Microsoft Employee
    2021-11-22T12:03:51.81+00:00

    Hello @Stanislav Harvan ,

    I checked with the Azure Application Gateway Product Group team and below is their response on this issue:

    Rewrites do not work on responses generated directly from the Application Gateway.
    This is currently not supported and is part of the backlog. There isn’t an ETA on this but we will be working on this limitation soon.

    I am working with the team to add this to the limitation section on our docs:
    https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url#limitations

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
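
One way to check which responses still carry the header, as an added example that is not part of the answer above or of any Microsoft tooling: it parses saved `curl -si` style response heads and groups `Server` header leaks by status class. The sample captures and all function names are constructed for illustration; only the banner value comes from the question.

```python
"""Audit saved `curl -si` captures for a Server header, grouped by status class."""
from collections import defaultdict
from email.parser import Parser

# Banner value quoted in the question above.
GATEWAY_BANNER = "Microsoft-Azure-Application-Gateway/v2"

# Constructed sample captures (not real traffic). The 200 and 404 stand for
# backend responses where the rewrite rule removed the header (assumption);
# the 501 and 502 stand for responses generated by the gateway itself.
SAMPLES = [
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
    "HTTP/1.1 501 Not Implemented\r\nServer: Microsoft-Azure-Application-Gateway/v2\r\n"
    "Content-Type: text/html\r\n\r\n",
    "HTTP/1.1 502 Bad Gateway\r\nserver: Microsoft-Azure-Application-Gateway/v2\r\n\r\n",
]

def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)

def audit(captures):
    """Map status class ('2xx', '5xx', ...) to a list of (status, Server value)."""
    leaks = defaultdict(list)
    for raw in captures:
        status, headers = parse_response(raw)
        for value in headers.get_all("Server", []):  # header lookup is case-insensitive
            leaks[f"{status // 100}xx"].append((status, value.strip()))
    return dict(leaks)

def gateway_generated(leaks):
    """Status codes whose Server value is the gateway's own banner."""
    return sorted({s for hits in leaks.values() for s, v in hits if v == GATEWAY_BANNER})

if __name__ == "__main__":
    result = audit(SAMPLES)
    for cls in sorted(result):
        print(cls, result[cls])
    print("gateway banner on:", gateway_generated(result))
```
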


1 additional answer

  1. Bollwerk, Pete 41 Reputation points
    2023-06-21T22:09:59.1966667+00:00