Guidelines for the administration of WSO2 products includes security1 recommendation for the production environment. An advice is to update the default “Server” value of the product to prevent exposing information about the WSO2 product stack through HTTP header responses. I think this recommendation should apply to HTTP headers from ‘actual’ backend services as well. In this blog post, I will demonstrate how to prevent the exposure of backend services HTTP headers in WSO2 EI proxy responses. I shall also show how the solution can interfere with a requirement of a SOAPv1.2 proxy service.
Yenlo Knowledge Blog
Read, Contribute and Share