This article is a part of our Web Security Knowledge Base (back to index)
Why Proxy Disclosure can be dangerous
If the proxy server can be detected or fingerprinted then this information will help a potential attacker to determine a list of targets against the application, potential vulnerabilities on the proxy servers and the presence or absence of any proxy-based components that are able to detect, prevent or mitigate the attack.
How to fix Proxy Disclosure
Disable ‘TRACE’ and ‘OPTIONS’ (if it’s not required for other purposes, such as ‘CORS’) methods on the proxy servers, as well the webapp server.
Configure all proxies and webapp servers to prevent disclosure of the technology and version information in ‘Server’ and ‘X-Powered-By’ HTTP response headers.
Configure webapp with custom error pages to prevent ‘fingerprintable’ specific for the product error pages being leaked to the user.
How does ScanRepeat report Proxy Disclosure
ScanRepeat uses TRACE, OPTIONS and TRACK methods to detect or fingerprint proxy servers between ScanRepeat and the webapp. It reports every proxy server and web application server which have been identified, along with their detected versions.
Would you like to test your application now against this problem? Sign up for our free trial
Scan Your Web App Now