Proxy Disclosure
Description
If the proxy server can be detected or fingerprinted then this information will help a potential attacker to determine a list of targets against the application, potential vulnerabilities on the proxy servers and the presence or absence of any proxy-based components that are able to detect, prevent or mitigate the attack.
Remediation
- Disable the 'TRACE' method on the proxy servers, as well as the origin web/application server.
- Disable the 'OPTIONS' method on the proxy servers, as well as the origin web/application server, if it is not required for other purposes, such as 'CORS' (Cross Origin Resource Sharing).
- Configure all proxies, application servers, and web servers to prevent disclosure of the technology and version information.
REST Specific
Asp_net
Implement custom error pages in the ASP.NET application to prevent default error messages from revealing sensitive information about the server or application structure. Additionally, configure the proxy to limit revealing headers and use encryption to protect against information disclosure.
Ruby_on_rails
Implement strict filtering and validation of user inputs, use the Rails built-in mechanisms for escaping output, and regularly update the Rails framework and dependencies to mitigate the risk of proxy detection and fingerprinting.
Next_js
Ensure that the Next.js server is configured to minimize the amount of information disclosed in HTTP headers or error messages. Use custom error pages and configure the server to suppress server version headers.
Laravel
Implement middleware to obscure server headers, use HTTPS to encrypt traffic, and regularly update the Laravel framework and dependencies to mitigate the risk of proxy detection and fingerprinting.
Express_js
To mitigate the risk of proxy server detection in Express.js applications, ensure that the 'X-Powered-By' header is disabled using 'app.disable('x-powered-by')'. Additionally, consider implementing a reverse proxy like Nginx or Apache to obscure the details of the underlying server and apply regular updates to all server components.
Django
Ensure that Django's built-in security features are properly configured, such as setting 'SECURE_PROXY_SSL_HEADER' to the correct header and values that your proxy sets for HTTPS requests, and using 'SECURE_BROWSER_XSS_FILTER' to enable the browser's XSS filtering defenses. Regularly update Django to the latest version to benefit from security patches and improvements.
Symfony
In Symfony, ensure that the proxy configuration does not expose sensitive information. Use the 'trusted_proxies' setting to define trusted proxies and apply 'X-Forwarded-For' headers only from these trusted sources. Regularly update Symfony and its dependencies to mitigate known vulnerabilities and employ security headers to prevent fingerprinting of the proxy server.
Spring_boot
In Spring Boot applications, ensure that sensitive endpoints are secured with proper authentication and authorization controls. Utilize Spring Security to configure these controls and apply regular updates to the Spring Boot framework to mitigate known vulnerabilities. Additionally, consider using a custom server header or disabling server signature to obscure the details of the underlying proxy or server technology.
Flask
Implement proper server configuration to obscure server banners, change default error pages, and use a web application firewall (WAF) to help mask the presence of the Flask framework and reduce the risk of fingerprinting.
Nuxt
Ensure that the Nuxt.js server configuration is set to not disclose server signatures, versions, or other sensitive headers. Implement additional security headers and use middleware to filter out any information that could reveal the presence of a proxy or the specifics of the Nuxt.js framework.
Fastapi
Implement proper input validation, use dependency injection with security in mind, and regularly update FastAPI and its dependencies to mitigate known vulnerabilities.
Configuration
Identifier:
configuration/proxy_disclosure
Examples
Ignore this check
checks:
configuration/proxy_disclosure:
skip: true
Score
- Escape Severity: LOW
Compliance
- OWASP: API5:2023
- pci: 1.3.7
- gdpr: Article-32
- soc2: CC6
- psd2: Article-95
- iso27001: A.13.1
- nist: SP800-53
- fedramp: AC-4