Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 5395 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Override the server header

Kien Trinh2

“Our penetration testing team has discovered that our servers are responding to client requests with the server software name and its version. For instance, the responses include identifiers like “openssh_for_windows_9.2” or “nginx 1.22.1”. Does anyone know how to hide or override these response headers on a Sophos XG firewall?”



This thread was automatically locked due to age.
Parents
  • 0

    For nginx you need to put the following in your nginx.conf file: 

    server_tokens off;

    This will stop sending version information.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Reply
  • 0

    For nginx you need to put the following in your nginx.conf file: 

    server_tokens off;

    This will stop sending version information.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Children
No Data
Unfiltered HTML