This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Looking to upgrade from Dynatrace Managed to SaaS? See how

Dynatrace Managed Security Audit HTTP Response Header

Go to solution
ssmeets
Guide

‎21 Aug 2020 01:14 PM

Hello,

At one of my customers we're in the process of installing Dynatrace Managed. Security is doing an audit and they have found some information in the HTTP Response Header of the Dynatrace UI that shouldn't be there.

The information is as follows:

Server: nginx

Traffic-Source: CUSTOMER

Security says that information about what webserver Dynatrace Managed is running on, can be misused by certain individuals. They claim that this information shouldn't be there.
I need to give them an answer why this information is included in the HTTP Response header.

Also, they said that the Web.conf file was visible during one request when they tested the POC-environment over a year ago. Can someone guarantee that this should not be the case?

Can someone help me with this?

Thanks in advance!

0 Kudos
Reply
4 REPLIES 4

Go to solution
Radoslaw_Szulgo
Inactive

‎21 Aug 2020 07:09 PM

information disclosure may be the case - if it is - we will make sure this to hidden.

For the web.conf I’d be very surprised.

Anyway, please open support case so we can track that individually.

Senior Product Manager,
Dynatrace Managed expert
Reply

Go to solution
ssmeets
Guide
In response to Radoslaw_Szulgo

‎24 Aug 2020 12:12 PM

Thanks for your answer! Unfortunately, I can't give anymore information because this was feedback from a POC environment that they audited. I just wanted to make sure what Dynatrace's statements were on these points.

If I receive any feedback from Security on the new environment, I'll open a support ticket to discuss these points further 🙂


Reply

Go to solution
Michael_Plank
Dynatrace Guide
Dynatrace Guide

‎24 Aug 2020 07:33 AM

While we are fixing this in the product, this might be a nginx setting that can be configured in the nginx configuration file.

For reconfiguring nginx settings in Dynatrace Managed, we offer a functionality which is described here: https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/configurable-properties-of-dynatrace-managed/

Reply

Go to solution
ssmeets
Guide
In response to Michael_Plank

‎24 Aug 2020 12:21 PM

Thanks for your thorough answer. This gives me enough information 🙂

Reply
Ask a question

Featured Posts