Website Security Issues

Hello,

I have talked to the server host and they informed me this problem has to do with cloudflare. Can I get some information please.

Description
Technology that is used to implement the web server may have some known vulnerabilities. Disclosing the information about the technology usage can make the efforts of the attacker easier. This information might help an attacker gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific webserver version. Solution Ensure that your web server, application server, etc. is configured to suppress “Server” headers or provide generic details.

Thanks

Cloudflare already does this. It provides a generic “Server” header that says: cloudflare

Screen Shot 2021-11-17 at 12.46.38 PM

1 Like

Understood, we are not getting that, does this mean it is not configured properly?

I am getting nginx

Then it’s not proxied by Cloudflare. You need to use Cloudflare name servers with your host name set to :orange: Proxied.

ok i will try this i will get back to you ty

1 Like

Cloudflare set this header to a generic value, hiding whatever version of Httpd, Nginx, IIS or whatever other web server you are running. It is not possible to alter it further. Any attacker will already know you are using Cloudflare, so there is no useful attack data in the header.

Most web servers make it pretty difficult to strip the header completely, and there has been discussion previously that the header is actually mandatory.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.