This discussion has been locked.

Web Server HTTP Header Information Disclosure

Hello everyone,

I have a question regarding the usage of the command 'set http_proxy add_via_header off' in the CLI. We currently have a website and multiple host services, and we are considering disabling HTTP header information disclosure by request. However, before making this change, I wanted to inquire if there could be any potential effects on our services or other applications.

Would using the 'set http_proxy add_via_header off' command in the CLI have any unintended consequences or impact on our website and host services?

Thank you for your assistance!



  • Hello,

    Thank you for contacting the Sophos Community.

    It would depend on your requirements and security considerations, and on whether you have any compliance or audits.

    If you disable it, you’ll lose, or the server will lose, information about the path a request has followed to your server, making it less easy for your network team to troubleshoot issues. Since the header is gone, and if there are different ways to get to your server other than the WAF, you won’t know the difference in the request.

    I would recommend that you check with your Security team about the implications of disabling it, as they would have a better understanding of what additional consequences disabling this check could cause to your servers.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
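An added example, not part of the original thread and not Sophos code: a small Python parser that lists the hops recorded in the Via header of a raw HTTP header block, so a block saved before the change can be compared with one saved after it. The header blocks and hostnames below are constructed for illustration.

```python
import re

# One Via element (RFC 9110): [protocol-name "/"] version SP received-by [SP "(" comment ")"]
_VIA_ELEMENT = re.compile(
    r"^(?:(?P<name>[^\s/]+)/)?(?P<version>\S+)\s+(?P<by>[^\s(]+)(?:\s+\((?P<comment>.*)\))?$")

def split_elements(value):
    """Split a Via field value on commas that are not inside a (comment)."""
    parts, depth, cur = [], 0, []
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def via_hops(raw_headers):
    """Return every hop named in the Via header line(s) of a header block, in order."""
    hops = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "via":
            continue  # status/request line or a different header
        for element in split_elements(value):
            m = _VIA_ELEMENT.match(element)
            if m:
                hops.append({"protocol": (m["name"] or "HTTP") + "/" + m["version"],
                             "received_by": m["by"], "comment": m["comment"]})
            else:
                hops.append({"unparsed": element})  # keep malformed elements visible
    return hops

# Constructed sample header blocks (not captured from a real system).
WITH_VIA = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Via: 1.1 cache.example.internal, 1.1 waf01.example.internal (gateway, site A)\r\n\r\n")
WITHOUT_VIA = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, block in (("add_via_header on", WITH_VIA), ("add_via_header off", WITHOUT_VIA)):
        print(label, "->", via_hops(block) or "no Via header present")
```

An empty result for a block that previously listed hops confirms the header is no longer being added; anything that relied on those hop names for troubleshooting will no longer see them.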
  • Thank you for your reply.

     If the need arises, would it be possible to turn this option back on? I want to ensure that I have a comprehensive understanding of its implications before making any adjustments.
