cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace Managed Security Audit HTTP Response Header

ssmeets
Guide

Hello,

At one of my customers we're in the process of installing Dynatrace Managed. Security is doing an audit and they have found some information in the HTTP Response Header of the Dynatrace UI that shouldn't be there.

The information is as follows:

Server: nginx

Traffic-Source: CUSTOMER

Security says that information about what webserver Dynatrace Managed is running on, can be misused by certain individuals. They claim that this information shouldn't be there.
I need to give them an answer why this information is included in the HTTP Response header.

Also, they said that the Web.conf file was visible during one request when they tested the POC-environment over a year ago. Can someone guarantee that this should not be the case?

Can someone help me with this?

Thanks in advance!

4 REPLIES 4

Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader

information disclosure may be the case - if it is - we will make sure this to hidden.

For the web.conf I’d be very surprised.

Anyway, please open support case so we can track that individually.

Technical Product Manager,
Dynatrace Managed expert

Thanks for your answer! Unfortunately, I can't give anymore information because this was feedback from a POC environment that they audited. I just wanted to make sure what Dynatrace's statements were on these points.

If I receive any feedback from Security on the new environment, I'll open a support ticket to discuss these points further 🙂


Michael_Plank
Dynatrace Contributor
Dynatrace Contributor

While we are fixing this in the product, this might be a nginx setting that can be configured in the nginx configuration file.

For reconfiguring nginx settings in Dynatrace Managed, we offer a functionality which is described here: https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/configurable-properties-of-dynatrace-managed/

Thanks for your thorough answer. This gives me enough information 🙂