Server Discloses Software Version (Expose Server in Response Header) Details: Server Name expose in Response Header Solution Tried but it didn't solve the issue: Configure Azure by creating new rules Add/configure web.config Created class in program.cs Note: I cant find NGINX in application gateway and web app services.

@Krischell Villadulid Thanks for reaching out to Microsoft Q&A, apologize for any inconvenience caused on this. Based on the shared information, I have understood that you are trying to eliminate the Server header from the app service response and also, I assume that your application is running on Linux app service Plan. If yes, you can follow the below set of instructions on remove/eliminate the server header. SSH your web app through https://SITE-NAME-HERE.scm.azurewebsites.net/webssh Copy the existing nginx.conf file with cp /etc/nginx/nginx.conf /home/site Modify the ngixn.conf file with using editor like nano /home/site/nginx.conf or vi /home/site/nginx.conf Uncomment server_tokens off under http section also add this more_clear_headers 'Server'; and save the file. Create a startup script in any location inside home directory, example: /home/site/startup.sh with the following content: #!/bin/bash apt-get update && apt-get install -y nginx-extras cp /home/site/nginx.conf /etc/nginx/nginx.conf service nginx reload Update Startup Command using Azure Portal from Configuration -> General Settings with the startup script location /home/site/startup.sh Or using Azure CLI: az webapp config set --resource-group <resource-group-name> --name <app-name> --startup-file "/home/site/startup.sh" I have tested this in my local environment it is working fine, and I would suggest you validate from your end as well. Feel free to reach back to me if you have any further questions on this.

Server Discloses Software Version (Expose Server in Response Header)

Krischell Villadulid 5

Server Discloses Software Version (Expose Server in Response Header)

Details: Server Name expose in Response Header

User's image

Solution Tried but it didn't solve the issue:

Configure Azure by creating new rules

User's image

Add/configure web.config

User's image

Created class in program.cs

User's image

Note: I cant find NGINX in application gateway and web app services.

Jarvis Sun-MSFT 10,181 Reputation points Microsoft Vendor

2023-09-28T02:47:51.4066667+00:00

Since the Exchange Server Management tag is usually more about ordinary Exchange issues, your issue is more related with develop requirement, I have added the Exchange Server Development tag, so that you can get further help. Thanks for your understanding.
VenkateshDodda-MSFT 19,631 Reputation points Microsoft Employee

2023-10-03T03:57:37.8766667+00:00

Hello @Krischell Villadulid ,

Following up to see if you have a chance to check my previous response and helped. Do let us know if you have any further questions on this.
Krischell Villadulid 5 Reputation points

2023-10-03T17:18:39.09+00:00

@VenkateshDodda-MSFT

Yes I already tried your solution but Server name in Request Header still there.

I also tried this.

We have a docker file for Nginx

and I located the nginx in our repository

I added this

and got 502 error after I deployed it.
VenkateshDodda-MSFT 19,631 Reputation points Microsoft Employee

2023-10-05T13:21:21.96+00:00

@Krischell Villadulid Thanks for your response and apologize for the delay in my response.

In my answer I have requested you to change the nginx conf and also create a startup script to copy back the changed nginx.conf file and also to reload the nginx service as well.

But from your response I can see you have made the changes to nginx.conf file only and haven't did reloading of nginx service.

Also, from the browser network trace screenshot (developer tools) I can see that the server header value as Microsoft-Azure-Application-Gateway/v2 which means that this value is coming from application gateway.

Request you to go through this documentation on how to rewrite the headers and the URL in application gateway.
Jarvis Sun-MSFT 10,181 Reputation points Microsoft Vendor

2023-10-12T08:29:00.51+00:00

@Krischell Villadulid ,I wanted to follow up and know if the below responses helped in answering your query. If it did, please do not forget to accept the appropriate response as Answer so that others in the community facing similar issues can easily find the solution.

1 answer

VenkateshDodda-MSFT 19,631 Reputation points Microsoft Employee

2023-09-28T09:12:07.4866667+00:00
@Krischell Villadulid Thanks for reaching out to Microsoft Q&A, apologize for any inconvenience caused on this.

Based on the shared information, I have understood that you are trying to eliminate the Server header from the app service response and also, I assume that your application is running on Linux app service Plan.

If yes, you can follow the below set of instructions on remove/eliminate the server header.

SSH your web app through https://SITE-NAME-HERE.scm.azurewebsites.net/webssh

Copy the existing nginx.conf file with cp /etc/nginx/nginx.conf /home/site

Modify the ngixn.conf file with using editor like nano /home/site/nginx.conf or vi /home/site/nginx.conf

Uncomment server_tokens off under http section also add this more_clear_headers 'Server'; and save the file.

Create a startup script in any location inside home directory, example: /home/site/startup.sh with the following content:

#!/bin/bash apt-get update && apt-get install -y nginx-extras cp /home/site/nginx.conf /etc/nginx/nginx.conf service nginx reload

Update Startup Command using Azure Portal from Configuration -> General Settings with the startup script location /home/site/startup.sh

Or using Azure CLI:

az webapp config set --resource-group <resource-group-name> --name <app-name> --startup-file "/home/site/startup.sh"

I have tested this in my local environment it is working fine, and I would suggest you validate from your end as well.

Feel free to reach back to me if you have any further questions on this.
Please sign in to rate this answer.
Juan Reyes 0 Reputation points

2024-02-29T12:01:34.8366667+00:00

Hi! Sorry to comment on a solved topic but i have an issue applying your answer.

It seems like at this moment, trying to execute "apt-get install nginx-extras" ends up in this error:

Err:1 https://packages.sury.org/nginx bullseye/main amd64 nginx-extras amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> Err:2 https://packages.sury.org/nginx bullseye/main amd64 libnginx-mod-http-cache-purge amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> Err:3 https://packages.sury.org/nginx bullseye/main amd64 libnginx-mod-http-fancyindex amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> Err:4 https://packages.sury.org/nginx bullseye/main amd64 libnginx-mod-http-headers-more-filter amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> Err:5 https://packages.sury.org/nginx bullseye/main amd64 libnginx-mod-http-ndk amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> Err:6 https://packages.sury.org/nginx bullseye/main amd64 libluajit-5.1-common all 2.1.0~beta3+dfsg-6+0~20230615.3+debian11~1.gbp2be20b> 404 Not Found [IP: 212.102.40.113 443]> Err:7 https://packages.sury.org/nginx bullseye/main amd64 libluajit-5.1-2 amd64 2.1.0~beta3+dfsg-6+0~20230615.3+debian11~1.gbp2be20b> 404 Not Found [IP: 212.102.40.113 443]> Err:8 https://packages.sury.org/nginx bullseye/main amd64 libnginx-mod-http-lua amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> Err:9 https://packages.sury.org/nginx bullseye/main amd64 libnginx-mod-http-perl amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> Err:10 https://packages.sury.org/nginx bullseye/main amd64 libnginx-mod-http-uploadprogress amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> Err:11 https://packages.sury.org/nginx bullseye/main amd64 libnginx-mod-nchan amd64 1.24.0-1+0~20230615.28+debian11~1.gbpd7c5fc> 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/nginx-extras_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/libnginx-mod-http-cache-purge_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/libnginx-mod-http-fancyindex_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/libnginx-mod-http-headers-more-filter_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/libnginx-mod-http-ndk_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/l/luajit/libluajit-5.1-common_2.1.0%7ebeta3%2bdfsg-6%2b0%7e20230615.3%2bdebian11%7e1.gbp2be20b_all.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/l/luajit/libluajit-5.1-2_2.1.0%7ebeta3%2bdfsg-6%2b0%7e20230615.3%2bdebian11%7e1.gbp2be20b_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/libnginx-mod-http-lua_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/libnginx-mod-http-perl_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/libnginx-mod-http-uploadprogress_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]> E: Failed to fetch https://packages.sury.org/nginx/pool/main/n/nginx/libnginx-mod-nchan_1.24.0-1%2b0%7e20230615.28%2bdebian11%7e1.gbpd7c5fc_amd64.deb 404 Not Found [IP: 212.102.40.113 443]

I understand this should be temporal but, is there any alternative solution to this? thanks in advance!
Sign in to comment

Share via

Server Discloses Software Version (Expose Server in Response Header)

Solution Tried but it didn't solve the issue:

1 answer