https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116073#M1381 <P>Thanks for your thorough answer. This gives me enough information <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 24 Aug 2020 11:21:44 GMT ssmeets 2020-08-24T11:21:44Z https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116069#M1377 <P>Hello,</P><P>At one of my customers we're in the process of installing Dynatrace Managed. Security is doing an audit and they have found some information in the HTTP Response Header of the Dynatrace UI that shouldn't be there.</P><P>The information is as follows:</P><P>Server: nginx</P><P>Traffic-Source: CUSTOMER</P><P>Security says that information about what webserver Dynatrace Managed is running on, can be misused by certain individuals. They claim that this information shouldn't be there.<BR />I need to give them an answer why this information is included in the HTTP Response header. </P><P>Also, they said that the Web.conf file was visible during one request when they tested the POC-environment over a year ago. Can someone guarantee that this should not be the case?</P><P>Can someone help me with this?</P><P>Thanks in advance!</P> Fri, 21 Aug 2020 12:14:44 GMT https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116069#M1377 ssmeets 2020-08-21T12:14:44Z https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116070#M1378 <P>information disclosure may be the case - if it is - we will make sure this to hidden. </P><P>For the web.conf I’d be very surprised. </P><P>Anyway, please open support case so we can track that individually.</P> Fri, 21 Aug 2020 18:09:39 GMT https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116070#M1378 Radoslaw_Szulgo 2020-08-21T18:09:39Z https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116071#M1379 <P>While we are fixing this in the product, this might be a nginx setting that can be configured in the nginx configuration file.</P><P>For reconfiguring nginx settings in Dynatrace Managed, we offer a functionality which is described here: https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/configurable-properties-of-dynatrace-managed/</P> Mon, 24 Aug 2020 06:33:11 GMT https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116071#M1379 Michael_Plank 2020-08-24T06:33:11Z https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116072#M1380 <P>Thanks for your answer! Unfortunately, I can't give anymore information because this was feedback from a POC environment that they audited. I just wanted to make sure what Dynatrace's statements were on these points. <BR /><BR />If I receive any feedback from Security on the new environment, I'll open a support ticket to discuss these points further <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P><BR /></P> Mon, 24 Aug 2020 11:12:55 GMT https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116072#M1380 ssmeets 2020-08-24T11:12:55Z https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116073#M1381 <P>Thanks for your thorough answer. This gives me enough information <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 24 Aug 2020 11:21:44 GMT https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Dynatrace-Managed-Security-Audit-HTTP-Response-Header/m-p/116073#M1381 ssmeets 2020-08-24T11:21:44Z