2

I configured a Frontdoor on Azure, with 2 rules

  • (HTTP endpoint) Rewrite HTTP to HTTPS
  • (HTTPS endpoint) HTTPS to backend pool When requesting the http endpoint Frontdoor answer this:
HTTP/1.1 302 Found
Location: https://example.com/
Server: Microsoft-IIS/10.0     <------
X-Azure-Ref: xxxxxxxx
Date: Wed, 08 Jul 2020 12:00:00 GMT
Content-Length: 0

Is it possible to remove this header ? I know it's a managed resource but I can't find any documentation on this matter/if it's normal. I don't believe it's my backend answering because my https endpoint doesn't answer me that ... but maybe?

Lauden
  • 88
  • 1
  • 8

1 Answers1

2

You can set Rules engine configuration in Front Door.

enter image description here

The server information may not be displayed at present due to my environment. But you can still refer to my screenshots for configuration.

I found that the information such as Date, although I modified it, still does not take effect. It may be related to the information returned by the azure server and cannot be modified. You can try to modify the Server information.

enter image description here

After the modification, if the Server information remains unchanged, there is no way to modify it.

Related similar posts you can refer to:

ASP.NET MVC 5 Azure App ZAP Scan indicates Proxy Disclosure vulnerability - how can we prevent that?

In the webapp, no matter the program is modified or in other ways, the server information cannot be modified.

So if the above method can be modified successfully, it can be of great help to you.

If it doesn't work, you don't have to spend time to deal with this problem. You can raise a ticket in portal to confirm.

Jason Pan
  • 15,263
  • 1
  • 14
  • 29