jcmoraisjr / haproxy-ingress

HAProxy Ingress
https://haproxy-ingress.github.io
Apache License 2.0

Feature: Support a flag to delete Sensitive Headers #319

Open RisingPhorce opened 5 years ago

RisingPhorce commented 5 years ago

Per reverse proxy best practices, please consider adding a flag to delete headers that may often expose internal application/framework versions and potentially vulnerable targets. Perhaps a list of headers or regexes.

rspidel ^Server:.*$
rspidel ^X-Powered-By:.*$
rspidel ^X-AspNet-Version:.*$

jcmoraisjr commented 4 years ago

Hi, how would you see the interface of such an option? The number and type of headers may change a lot from one workload to another; I cannot see a way to implement a generic solution. Perhaps you are just talking about a kind of syntax sugar for config-backend where one would name a list of blacklisted headers instead of haproxy keywords?

RisingPhorce commented 4 years ago

Yes, I was considering a list of blacklisted headers. However, I would like support for configuring it on the frontend so that they are globally banned for all backends.
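
A way to check what the three `rspidel` lines in the request would remove from a response, as an added example that is not part of the thread or of haproxy-ingress. It models `rspidel` as a case-insensitive regex delete applied to each response header line; the function names and the sample response are constructed for illustration.

```python
import re

# The three patterns from the feature request. rspidel ignores case,
# which is modeled here with re.IGNORECASE.
RSPIDEL_PATTERNS = [
    r"^Server:.*$",
    r"^X-Powered-By:.*$",
    r"^X-AspNet-Version:.*$",
]

# Constructed sample response head (not captured from a real server).
SAMPLE_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "x-powered-by: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Content-Type: text/html\r\n"
    "X-Server-Timing: 12\r\n"
    "\r\n"
)


def strip_headers(raw_head, patterns=RSPIDEL_PATTERNS):
    """Return (filtered_head, removed_lines) for a raw response head.

    The status line is never matched against the patterns; each header
    line that matches any pattern is dropped, everything else is kept
    in its original order.
    """
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns]
    lines = raw_head.split("\r\n")
    kept, removed = [lines[0]], []
    for line in lines[1:]:
        if line and any(rx.search(line) for rx in compiled):
            removed.append(line)
        else:
            kept.append(line)
    return "\r\n".join(kept), removed


if __name__ == "__main__":
    filtered, removed = strip_headers(SAMPLE_HEAD)
    print("removed:", removed)
    print(filtered)
```

Because the patterns are anchored with `^`, `X-Server-Timing` survives even though it contains `Server:`-like text, while the lowercase `x-powered-by` line is still removed.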