
Proxy Disclosure

Description

If the proxy servers in front of an application can be detected or fingerprinted (for example through 'Server', 'Via' or 'X-Powered-By' headers, an enabled 'TRACE' method that echoes the request back, or an 'OPTIONS' reply that lists the supported methods), an attacker learns the list of hosts sitting between them and the origin, which known vulnerabilities those products and versions carry, and whether any proxy-based component (WAF, rate limiter, cache) is present to detect, prevent or mitigate an attack.

Remediation

  • Disable the 'TRACE' method on the proxy servers as well as on the origin web/application server; a 'TRACE' that is only blocked at the origin still reveals every hop that answers it.
  • Disable the 'OPTIONS' method on the proxy servers as well as on the origin web/application server, unless it is required for other purposes such as 'CORS' (Cross Origin Resource Sharing) preflight requests.
  • Configure all proxies, application servers and web servers to suppress technology and version information ('Server', 'Via', 'X-Powered-By', 'X-AspNet-Version' and similar headers, and default error pages that name the product).
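The following script is an added example, not part of the original page or of any scanner's code. It shows what this check looks for when it is run by hand: it parses raw HTTP responses to GET, TRACE and OPTIONS requests and reports version or technology headers, a TRACE that echoes the request, and an OPTIONS reply that advertises TRACE. The responses below are constructed sample data, not captures from a real host; the header list is an assumption about which headers are worth flagging and should be extended to whatever your stack is observed to emit.

```python
"""Proxy/server disclosure checks run against captured HTTP responses.

Added example, not part of the original page: it parses raw responses
(constructed below) and reports the disclosure indicators the check
targets: technology/version headers, an enabled TRACE method, and an
OPTIONS reply that advertises TRACE.
"""
import re
from typing import Dict, List, Tuple

# Response headers that commonly identify a proxy, cache or origin stack
# (assumed list; extend it for your environment).
DISCLOSING_HEADERS = {
    "server", "via", "x-powered-by", "x-aspnet-version",
    "x-aspnetmvc-version", "x-cache", "x-varnish", "x-served-by",
    "x-backend-server", "x-generator",
}
# "product/1.2.3" is worse than a bare product name; report which one it is.
VERSION_RE = re.compile(r"/\d+(\.\d+)+")


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Split a raw HTTP/1.1 response into (status, headers, body).

    Header names are lower-cased; repeated headers are joined with ', '.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers, body


def header_findings(headers: Dict[str, str]) -> List[str]:
    """Report headers that name the proxy/origin technology or its version."""
    findings = []
    for name, value in headers.items():
        if name in DISCLOSING_HEADERS:
            kind = "version" if VERSION_RE.search(value) else "technology"
            findings.append(f"{kind} disclosed by {name}: {value}")
    return findings


def trace_enabled(trace_raw: bytes, request_line: str) -> bool:
    """TRACE is enabled when the server answers 200 and echoes the request
    (message/http body, or our own request line appearing in the body)."""
    status, headers, body = parse_response(trace_raw)
    if status != 200:
        return False
    ctype = headers.get("content-type", "")
    return ctype.startswith("message/http") or request_line.encode() in body


def options_advertises_trace(options_raw: bytes) -> bool:
    """An Allow header listing TRACE tells the attacker it is enabled."""
    _, headers, _ = parse_response(options_raw)
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",")}
    return "TRACE" in allowed


def assess(get_raw: bytes, trace_raw: bytes, options_raw: bytes,
           trace_request_line: str) -> List[str]:
    """Combine the three probes into one list of findings (empty = clean)."""
    findings = header_findings(parse_response(get_raw)[1])
    if trace_enabled(trace_raw, trace_request_line):
        findings.append("TRACE method enabled (request echoed)")
    if options_advertises_trace(options_raw):
        findings.append("OPTIONS advertises TRACE")
    return findings


# Constructed sample responses (not captured from any real host).
TRACE_LINE = "TRACE / HTTP/1.1"
LEAKY_GET = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nVia: 1.1 varnish\r\n"
             b"X-Powered-By: Express\r\nContent-Length: 2\r\n\r\nok")
LEAKY_TRACE = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
               b"TRACE / HTTP/1.1\r\nHost: api.example\r\n\r\n")
LEAKY_OPTIONS = b"HTTP/1.1 204 No Content\r\nAllow: GET, POST, OPTIONS, TRACE\r\n\r\n"
HARDENED_GET = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
HARDENED_TRACE = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, POST, OPTIONS\r\n\r\n"
HARDENED_OPTIONS = b"HTTP/1.1 204 No Content\r\nAllow: GET, POST, OPTIONS\r\n\r\n"

if __name__ == "__main__":
    print("leaky:", assess(LEAKY_GET, LEAKY_TRACE, LEAKY_OPTIONS, TRACE_LINE))
    print("hardened:", assess(HARDENED_GET, HARDENED_TRACE, HARDENED_OPTIONS, TRACE_LINE))
```

The leaky set yields five findings (a versioned 'Server', a 'Via' naming the cache, an 'X-Powered-By', an echoing TRACE and an OPTIONS that lists TRACE); the hardened set yields none. When testing a real deployment, send the probes to each hop you can reach directly as well as through the edge, since a proxy that strips headers on the way out may still answer TRACE itself.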

REST Specific

Asp_net Implement custom error pages so default error responses do not reveal the server or application structure. Suppress the identifying headers the stack adds by default: on Kestrel set 'AddServerHeader = false' in 'KestrelServerOptions'; on IIS remove 'X-Powered-By' with a '<remove name="X-Powered-By" />' entry under 'customHeaders' in web.config and set '<httpRuntime enableVersionHeader="false" />' to drop 'X-AspNet-Version'. Configure the proxy to strip any remaining revealing headers.
Ruby_on_rails Rails does not emit a 'Server' header itself; it comes from the application server (for example Puma) or the front proxy, so suppress it there. Ship custom 'public/404.html' and 'public/500.html' pages, run with 'config.consider_all_requests_local = false' in production so exceptions are not rendered, and keep Rails and its dependencies updated.
Next_js Set 'poweredByHeader: false' in next.config.js to remove the 'X-Powered-By: Next.js' header, provide custom error pages, and configure the hosting server or proxy to suppress its own version headers.
Laravel Implement middleware to remove or neutralise server headers, serve the application over HTTPS, and regularly update the Laravel framework and dependencies to mitigate the risk of proxy detection and fingerprinting.
Express_js Disable the 'X-Powered-By: Express' header with 'app.disable('x-powered-by')'. Additionally, place a reverse proxy such as Nginx or Apache in front of the application, configured not to reveal its own version, and apply regular updates to all server components.
Django Run with 'DEBUG = False' so the technical error page is never served. Set 'SECURE_PROXY_SSL_HEADER' only when your proxy reliably sets or overwrites that header for HTTPS requests, otherwise a client can spoof it. Django does not add a 'Server' header; suppress it in the WSGI/ASGI server and the front proxy. Note that 'SECURE_BROWSER_XSS_FILTER' was removed in Django 4.0 and does nothing in current releases. Regularly update Django to benefit from security patches.
Symfony Ensure that the proxy configuration does not expose sensitive information. Use the 'trusted_proxies' setting to define trusted proxies so that 'X-Forwarded-*' headers are honoured only from those sources. Regularly update Symfony and its dependencies and add security headers to reduce fingerprinting of the proxy server.
Spring_boot Set 'server.server-header' to an empty or neutral value so the embedded container does not announce itself, and restrict Actuator endpoints ('management.endpoints.web.exposure.include') so that '/actuator/info' or '/actuator/env' cannot be used to fingerprint the deployment. Secure sensitive endpoints with Spring Security and apply regular updates to the Spring Boot framework.
Flask Do not expose the Werkzeug development server, which sends a 'Server: Werkzeug/<version>' header; run behind a production WSGI server and proxy configured to hide server banners, replace the default error pages, and consider a web application firewall (WAF) to mask the presence of the Flask framework.
Nuxt Ensure that the Nuxt.js server configuration does not disclose server signatures, versions or other sensitive headers. Add security headers and use middleware to filter out any information that could reveal the presence of a proxy or the specifics of the Nuxt.js framework.
Fastapi Start Uvicorn with '--no-server-header' so it does not send 'Server: uvicorn', and disable the interactive documentation on public deployments ('FastAPI(docs_url=None, redoc_url=None, openapi_url=None)'), since '/docs' and '/openapi.json' identify the framework. Regularly update FastAPI and its dependencies.
Frappe Frappe sites are normally served through Nginx; set 'server_tokens off;', disable the 'TRACE' method at the proxy, and keep the Frappe stack updated so default error pages and headers do not identify the version in use.
Genzio Ensure the Genzio framework engine is updated to the latest version to mitigate known vulnerabilities and enhance security features.
Gin Ensure proper configuration and security settings for the Gin framework, and for the proxy in front of it, to prevent proxy server fingerprinting and detection.
Gorilla Ensure the Gorilla framework engine is updated to the latest version to mitigate known vulnerabilities.
Hapi Configure Hapi.js and its front proxy not to send technology or version headers, return generic error responses instead of framework defaults, and keep Hapi.js updated.
Hono Ensure the Hono framework engine is configured to obscure or limit proxy server information to prevent detection and fingerprinting by potential attackers.
Jersey Ensure proper configuration and updating of the Jersey framework to prevent exposure of sensitive information through error messages.
Koa Implement security headers and middleware to prevent information leakage in Koa applications.
Ktor Ensure proper configuration of the Ktor engine to prevent information leakage and apply security headers to protect against common vulnerabilities.
Leptos Regularly update and patch the Leptos framework to protect against known vulnerabilities.
Macaron Ensure secure configuration of the Macaron framework by disabling unnecessary features and using middleware for input validation and output encoding.
Phoenix Ensure proper configuration and security settings for the Phoenix framework to prevent information leakage and unauthorized access.
Redwoodjs Ensure proper configuration of RedwoodJS security settings and regularly update dependencies to mitigate potential vulnerabilities.
Rocket Ensure the Rocket framework engine is configured to hide server details and disable any unnecessary headers to prevent fingerprinting.
Sveltekit Provide a custom '+error.svelte' page so framework default errors are not shown, and configure the adapter's hosting platform or the proxy in front of it to suppress server and version headers.
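Several of the entries above (Laravel, Koa, Nuxt, Flask) recommend "middleware to obscure server headers". The block below is an added, framework-neutral example of that idea, not code from any of the listed frameworks: a WSGI middleware that removes technology-disclosing headers from every response the application emits. The 'origin_app' is a constructed stand-in for a leaky application, the header list is an assumption, and 'run_once' drives the app in-process so nothing needs a network.

```python
"""WSGI middleware that strips technology-disclosing response headers.

Added example, not code from any of the frameworks listed above. It wraps
any WSGI application and removes headers such as Server and X-Powered-By
before they leave the application, optionally replacing Server with a
neutral constant.
"""
from typing import Callable, List, Optional, Tuple
from wsgiref.util import setup_testing_defaults

Headers = List[Tuple[str, str]]

# Headers the middleware drops, compared case-insensitively (assumed list;
# adjust to whatever your stack is observed to emit).
STRIP_HEADERS = frozenset({
    "server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version",
    "x-generator", "via",
})


def scrub_headers(headers: Headers, strip=STRIP_HEADERS,
                  server_value: Optional[str] = None) -> Headers:
    """Return headers with disclosing entries removed.

    Pure function so it can be unit-tested without a server. If
    server_value is given, a neutral Server header is appended instead of
    leaving the response without one.
    """
    strip_lc = {h.lower() for h in strip}
    kept = [(n, v) for n, v in headers if n.lower() not in strip_lc]
    if server_value is not None:
        kept.append(("Server", server_value))
    return kept


class HeaderScrubber:
    """Wrap a WSGI app and filter the headers it passes to start_response."""

    def __init__(self, app: Callable, strip=STRIP_HEADERS,
                 server_value: Optional[str] = None):
        self.app = app
        self.strip = strip
        self.server_value = server_value

    def __call__(self, environ, start_response):
        def scrubbed_start_response(status, headers, exc_info=None):
            clean = scrub_headers(headers, self.strip, self.server_value)
            return start_response(status, clean, exc_info)
        return self.app(environ, scrubbed_start_response)


def origin_app(environ, start_response):
    """Constructed stand-in for a framework app that leaks its stack."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Server", "Werkzeug/3.0.1 Python/3.12.0"),
        ("X-Powered-By", "Flask"),
    ])
    return [b"ok"]


def run_once(app: Callable, path: str = "/") -> Tuple[str, Headers, bytes]:
    """Drive a WSGI app with a minimal environ and capture its response."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)
        return lambda data: None

    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in REQUEST_METHOD, SERVER_NAME, ...
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    print("raw:     ", run_once(origin_app)[1])
    print("scrubbed:", run_once(HeaderScrubber(origin_app))[1])
    print("neutral: ", run_once(HeaderScrubber(origin_app, server_value="api"))[1])
```

A caveat a practitioner should keep in mind: this only controls headers the application itself emits. Front-end servers such as Gunicorn, Nginx or the 'wsgiref' development server add their own 'Server' header after the application has returned, so it must be suppressed in their configuration (for Nginx, 'server_tokens off;' drops the version but still sends 'Server: nginx'; removing the header entirely needs the headers-more module or a similar mechanism).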

Configuration

Identifier: configuration/proxy_disclosure

Examples

Ignore this check

checks:
  configuration/proxy_disclosure:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API5:2023
  • OWASP LLM: LLM06:2023
  • pci: 1.3.7
  • gdpr: Article-32
  • soc2: CC6
  • psd2: Article-95
  • iso27001: A.13.1
  • nist: SP800-53
  • fedramp: AC-4

Classification

  • CWE: 200

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • CVSS_SCORE: 5.8