We are facing the same issue. However, we see that since awselb is managed by AWS, they do not have a direct solution yet, but below is how it is possible to do it. Additionally, how many attacks have happened due to this, as ELB is managed and patched regularly by AWS?
According to other re:Post answers, it is not possible to configure the ELB so that it does not expose that header.
However, as a workaround, you can override the value using CloudFront edge functions.
Furthermore, we are seeking additional information to know if AWS WAF has the capability of hiding the server info from the response, while there are possibilities of doing this via third-party WAFs as per the linked re:Post.
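The CloudFront edge function workaround mentioned in the answer above, sketched as an added example (not part of the original post and not AWS's own code). It assumes the load balancer sits behind a CloudFront distribution and the function is attached to the viewer-response event; `REPLACEMENT_SERVER`, `bannerLeaks` and the sample event are constructed for illustration.

```javascript
// CloudFront Function for the viewer-response event (constructed example).
// REPLACEMENT_SERVER is an assumed neutral value; choose your own.
var REPLACEMENT_SERVER = 'web';
var BANNER = /awselb\/[\d.]+/i;

// Audit helper: names of headers whose value still carries the ELB banner.
function bannerLeaks(headers) {
    return Object.keys(headers).filter(function (name) {
        var h = headers[name];
        var values = [h.value].concat(
            (h.multiValue || []).map(function (m) { return m.value; })
        );
        return values.some(function (v) { return BANNER.test(String(v)); });
    });
}

function handler(event) {
    var response = event.response;
    // Header names in the event object are lowercase. Assigning the key
    // replaces the origin's value, or adds the header if none was sent.
    response.headers['server'] = { value: REPLACEMENT_SERVER };
    return response;
}

// Constructed event, shaped like the object CloudFront passes to the function.
var sampleEvent = {
    version: '1.0',
    context: { eventType: 'viewer-response' },
    request: { method: 'GET', uri: '/', headers: {} },
    response: {
        statusCode: 200,
        statusDescription: 'OK',
        headers: {
            'server': { value: 'awselb/2.0' },
            'content-type': { value: 'text/html' }
        }
    }
};
```

CloudFront does not invoke edge functions for viewer-response events when the origin returns HTTP status 400 or higher, so check error responses separately for the banner.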
Facing the same issue. Is there any WAF that can be used to avoid this issue?
It is not possible to hide this header directly on Application Load Balancer. Use Amazon CloudFront's Response Headers Policies instead. Please see my response to a similar question on re:Post, on How to prevent "awselb/2.0" server information exposure in HTTP response header.
AWS WAF is inspecting the incoming HTTP traffic (requests, not responses)