US-EPA-CAMD / easey-ui

Project Management repo for EPA Clean Air Markets Division (CAMD) Business Suite of applications
MIT License

v1.3 scan: UI Med 2 #6012

Open alangmaid opened 7 months ago

alangmaid commented 7 months ago

CampD_UI_1211.xlsx

1 proxy server(s) were detected or fingerprinted. This information helps a potential attacker to determine:
- A list of targets for an attack against the application.
- Potential vulnerabilities on the proxy servers that service the application.
- The presence or absence of any proxy-based components that might cause attacks against the application to be detected, prevented, or mitigated.

- Disable the 'TRACE' method on the proxy servers, as well as the origin web/application server.
- Disable the 'OPTIONS' method on the proxy servers, as well as the origin web/application server, if it is not required for other purposes, such as 'CORS' (Cross Origin Resource Sharing).
- Configure the web and application servers with custom error pages, to prevent 'fingerprintable' product-specific error pages being leaked to the user in the event of HTTP errors, such as 'TRACK' requests for non-existent pages.
- Configure all proxies, application servers, and web servers to prevent disclosure of the technology and version information in the 'Server' and 'X-Powered-By' HTTP response headers.

shahbazkhan1999 commented 5 months ago

To disable TRACE and OPTIONS Methods:

Add this code in Nginx Configurations:

# Inside the server {} block. nginx has no TRACE handler and already answers it
# with 405; this makes the rejection explicit with a 403.
if ($request_method = TRACE) {
    return 403;
}
# Also blocks CORS preflight; leave this out on paths that must answer OPTIONS.
if ($request_method = OPTIONS) {
    return 403;
}

Custom Error Pages:

Add this code in Nginx Configurations:

error_page 400 /error-pages/400.html;
error_page 401 /error-pages/401.html;
error_page 403 /error-pages/403.html;
error_page 404 /error-pages/404.html;
# Needed alongside proxy_pass, otherwise the internal redirect to /error-pages/ goes upstream; the root path is an example.
location ^~ /error-pages/ {
    internal; root /var/www;
}

Remove Server and X-Powered-By Headers:

Add this code in Nginx Configurations:

server_tokens off;               # hides the version only; "Server: nginx" is still sent (removing it needs ngx_headers_more)
proxy_hide_header X-Powered-By;  # strips the upstream app's header; nginx already replaces the upstream Server header
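A check for the three remediations above (TRACE/OPTIONS rejected, no version in Server and no X-Powered-By, no stock product error page), added here as an example and not code from the easey-ui project or the scan report. It evaluates responses either captured by hand or fetched live with the standard library; the "before"/"after" responses embedded below are constructed to mirror the nginx changes, not captured from any EPA host, and the 404 marker strings are a heuristic for common stock error pages.

```python
"""Check the scan finding's remediations against HTTP responses.
Added example; not code from the easey-ui project or the scanner."""
import http.client
import re
import ssl
import sys
from typing import Dict, List, Tuple

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)

# A product token followed by a version, e.g. "nginx/1.18.0", "Microsoft-IIS/10.0".
VERSION_RE = re.compile(r"/\d+(\.\d+)*")
# Fragments found in the stock error pages of common servers (heuristic, not exhaustive).
STOCK_ERROR_MARKERS = ("<hr><center>nginx", "<address>Apache/", "Server Error in '/' Application")


def assess(method: str, status: int, headers: Dict[str, str], body: str = "") -> List[str]:
    """Return findings for one response; an empty list means the response passes."""
    findings: List[str] = []
    h = {k.lower(): v for k, v in headers.items()}

    if method in ("TRACE", "TRACK") and status not in (403, 405):
        findings.append(f"{method} not rejected (HTTP {status})")
    # OPTIONS is acceptable only when it is actually serving CORS preflight.
    if method == "OPTIONS" and status < 400 and "access-control-allow-origin" not in h:
        findings.append(f"OPTIONS answered (HTTP {status}) without CORS headers; disable it")

    server = h.get("server", "")
    if VERSION_RE.search(server):
        findings.append(f"Server header leaks version: {server!r}")
    if "x-powered-by" in h:
        findings.append(f"X-Powered-By present: {h['x-powered-by']!r}")
    if status >= 400 and any(marker in body for marker in STOCK_ERROR_MARKERS):
        findings.append(f"stock product error page served for HTTP {status}")
    return findings


def audit(responses: Dict[str, Response]) -> Dict[str, List[str]]:
    """Assess a {method: response} map, as built by probe_all() or captured by hand."""
    return {m: assess(m, status, headers, body) for m, (status, headers, body) in responses.items()}


def probe(host: str, method: str, path: str = "/", port: int = 443, tls: bool = True) -> Response:
    """Send one request with an arbitrary method and return (status, headers, body)."""
    if tls:
        conn = http.client.HTTPSConnection(host, port, context=ssl.create_default_context(), timeout=10)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders()), resp.read().decode("utf-8", "replace")
    finally:
        conn.close()


def probe_all(host: str, **kw) -> Dict[str, Response]:
    """TRACE and OPTIONS against /, plus a GET that should 404 to exercise the error page."""
    return {
        "TRACE": probe(host, "TRACE", "/", **kw),
        "OPTIONS": probe(host, "OPTIONS", "/", **kw),
        "GET": probe(host, "GET", "/this-path-does-not-exist", **kw),
    }


# Constructed sample responses (not captured from any EPA host) mirroring the
# state before and after the nginx changes in the comment above.
STOCK_404 = ("<html><head><title>404 Not Found</title></head><body>"
             "<center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0</center></body></html>")
BEFORE: Dict[str, Response] = {
    "TRACE": (200, {"Server": "nginx/1.18.0", "X-Powered-By": "Express"}, ""),
    "OPTIONS": (204, {"Server": "nginx/1.18.0", "Allow": "GET, POST, OPTIONS"}, ""),
    "GET": (404, {"Server": "nginx/1.18.0"}, STOCK_404),
}
AFTER: Dict[str, Response] = {
    "TRACE": (403, {"Server": "nginx"}, "<html><body>Forbidden.</body></html>"),
    "OPTIONS": (403, {"Server": "nginx"}, ""),
    "GET": (404, {"Server": "nginx"}, "<html><body>Page not found.</body></html>"),
}

if __name__ == "__main__":
    # python3 check_hardening.py              -> audits the constructed samples
    # python3 check_hardening.py host.example -> audits a live host over TLS
    targets = {"before (sample)": BEFORE, "after (sample)": AFTER}
    if len(sys.argv) > 1:
        targets = {sys.argv[1]: probe_all(sys.argv[1])}
    for name, responses in targets.items():
        for method, findings in audit(responses).items():
            print(f"{name:16} {method:8} {'PASS' if not findings else '; '.join(findings)}")
```

Run it against a host after the nginx change lands on both the proxy and the origin; the origin must be probed separately (port and `tls=False` as appropriate), because a proxy that rejects TRACE says nothing about what the application server behind it does.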

alangmaid commented 4 months ago

Will be resolved by addressing #6101