  1. Couchbase Gateway
  2. CBG-759

Customizable HTTP response to "/" (suppress headers)


Details

    • Task
    • Resolution: Fixed
    • Major
    • 3.0
    • None
    • SyncGateway
    • Security Level: Public
    • None

    Description

      Originally: https://github.com/couchbase/sync_gateway/issues/3257

       

      As a developer, I should be able to customize the Sync Gateway response to the root path.

      This would typically be done to not reveal the version of the Sync Gateway to HTTP requests to the root path.


      It's less about response customisation and more about an option to protect against fingerprinting.

      https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002)
      https://www.owasp.org/index.php/Fingerprint_Web_Application_(OTG-INFO-009)

      I think we can probably mask the Sync Gateway version to some extent, as long as clients don't rely on it for negotiation? The second link has a useful list of remediations.

      It would be impossible to mask the fact that Sync Gateway is the application that is running.
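
      A check that can be run against a captured "/" response to confirm that no version string remains, added here as an example and not code from the issue or from the Sync Gateway project. The sample bodies, their field names and the 9.9 version are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"regexp"
	"sort"
)

// Constructed sample bodies; field names and the 9.9 version are assumptions.
const verboseBody = `{"couchdb":"Welcome","vendor":{"name":"Couchbase Sync Gateway","version":"9.9"},"version":"Couchbase Sync Gateway/9.9.0"}`
const quietBody = `{"couchdb":"Welcome","vendor":{"name":"Couchbase Sync Gateway"}}`

// versionRe matches dotted version numbers such as 9.9 or 9.9.0.
var versionRe = regexp.MustCompile(`\d+\.\d+(\.\d+)*`)

// walk records the path of every JSON string value that contains a version number.
func walk(path string, v interface{}, out *[]string) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			walk(path+"/"+k, child, out)
		}
	case string:
		if versionRe.MatchString(t) {
			*out = append(*out, "body:"+path)
		}
	}
}

// FindVersionLeaks lists, sorted, where a "/" response exposes a version.
func FindVersionLeaks(h http.Header, body []byte) ([]string, error) {
	var leaks []string
	if versionRe.MatchString(h.Get("Server")) {
		leaks = append(leaks, "header:Server")
	}
	var doc interface{}
	if err := json.Unmarshal(body, &doc); err != nil {
		return nil, err
	}
	walk("", doc, &leaks)
	sort.Strings(leaks)
	return leaks, nil
}

func main() {
	h := http.Header{"Server": {"Couchbase Sync Gateway/9.9"}}
	fmt.Println(FindVersionLeaks(h, []byte(verboseBody)))
}
```

      The product name alone is not reported as a leak, which matches the point above that the application itself cannot be hidden; only version numbers are flagged.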


            People

              ben.brooks Ben Brooks
              daniel.petersen Daniel Petersen