Last post Oct 12, 2018 07:34 AM by Brando ZWZ
Oct 11, 2018 03:47 PM|dbrosnan
There are many posts on this on Google, but none that answer the problem that I have.
I have 20 web apps hosted in Azure. 10 of them are on one IP address and 10 are on another IP address. Both servers/IP addresses are a mixture of web jobs and websites.
2 of the apps are systems that do credit card processing, so therefore I have to run PCI scans on the IP address, or I could put in a domain name; I am not sure if it yields different results.
Once I do the scan on the IP address I get the following result: "The remote web server discloses information via HTTP headers." All the posts on the internet suggest updating the web.config with a few different values. This is fine and I have done this, but the problem persists.
My questions are the following.
Here are the headers that I need to remove:
Server type : Microsoft IIS
Server version : 10.0
Source : Microsoft-IIS/10.0
Any help would be greatly appreciated.
Oct 12, 2018 07:34 AM|Brando ZWZ
I assume I have to update all web apps with the necessary web.config entries. Is this correct?
As far as I know, if you want to remove the response header, you should modify each web app's web.config and modify the Global.asax code.
For details about how to remove the response header, you could refer to the article below:
Can you help me understand how the scanner finds the lists of domain names using that IP address? Because without the domain names they would just have the IP address, and the web.config would then not matter as the website would not execute without the domain name. Or do I understand incorrectly?
As far as I know, there are multiple tools which could help us find the information related to that IP. Like: https://ipinfo.info/html/ip_checker.php
Finally, and the most important. Can I block HTTP headers at the level of the Azure web app, so that I don't have to go through and update all the web apps on the same server? Is there a setting in the Azure portal that allows me to do this? This really would be the solution that I am looking for.
As far as I know, there are no settings in the Azure web app portal which could modify the response header.
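A per-app web.config fragment of the kind discussed in this thread, as an added example that is not from either poster or from the article the reply refers to. It assumes a Windows-hosted ASP.NET (System.Web) app on IIS 10.0, the version shown in the scan result; the X-AspNet-Version and X-Powered-By entries are common companions to the Server header and are not listed in the original question.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: header-hardening entries for ONE web app's web.config.
     Assumption: IIS 10.0 and an ASP.NET (System.Web) application. -->
<configuration>
  <system.web>
    <!-- Stops ASP.NET from emitting the X-AspNet-Version response header. -->
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <security>
      <!-- IIS 10.0 and later: suppresses "Server: Microsoft-IIS/10.0". -->
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <!-- Removes the X-Powered-By header inherited from server-level config. -->
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

Merge these attributes and elements into the existing `<httpRuntime>` and `<system.webServer>` sections of each app rather than adding duplicate sections, then re-check the response headers for each hostname before re-running the scan.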