A Django-based website is hosted in an Azure Web App (Python 3.8). As part of the security measures, I am trying to hide the server name from the response header. By default, it is gunicorn/20.0.4. In the Django app, I have implemented a middleware layer and added the following code:
class testMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        # Set the headers on the Django response object
        response["Server"] = "dummyserver"
        response["X-XSS-Protection"] = 1
        return response
In the local env, this setting is working. In the response header, the server name was dummyserver. But once it is deployed in the Azure Web App, the server name is displayed as gunicorn/20.0.4 in the response header, but strangely the other settings like X-XSS-Protection are working as expected.
It looks like the Azure Web App by default replaces the Django server name. Is there any way we can handle this? Thanks for your help.
I tried this option also:
How to prevent Gunicorn from returning a 'Server' http header?
But once deployed, it didn't resolve the problem.
I added gunicorn.SERVER_SOFTWARE = "dummyserver", but it didn't work out:
import gunicorn


class testMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        response["Server"] = "dummyserver"
        response["X-XSS-Protection"] = 1
        # Reassign gunicorn's module-level banner string on every request
        gunicorn.SERVER_SOFTWARE = "dummyserver"
        return response
question from:
https://stackoverflow.com/questions/65851003/unable-to-hide-server-name-in-django-based-website-hosted-in-azure-webapp
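A post-deployment check for the symptom described above, as an added example that is not part of the original question: it parses a raw HTTP response head and reports Server values that differ from the expected one, disclose a product/version token, or appear more than once. The function names and the two sample responses are constructed for illustration, using the header values quoted in the question.

```python
import re
from http.client import parse_headers
from io import BytesIO

# Product/version token such as "gunicorn/20.0.4"
VERSION_TOKEN = re.compile(r"\b[A-Za-z][\w.-]*/\d[\w.]*")

# Constructed sample response heads (not captured traffic)
LOCAL = (b"HTTP/1.1 200 OK\r\nServer: dummyserver\r\n"
         b"X-XSS-Protection: 1\r\n\r\n")
DEPLOYED = (b"HTTP/1.1 200 OK\r\nServer: gunicorn/20.0.4\r\n"
            b"X-XSS-Protection: 1\r\n\r\n")


def server_headers(raw_head):
    """Return every Server header value found in a raw response head."""
    # Drop the status line; parse_headers expects header lines only.
    _, _, rest = raw_head.partition(b"\r\n")
    return parse_headers(BytesIO(rest)).get_all("Server") or []


def audit_server_banner(raw_head, expected):
    """List findings about the Server header; an empty list means clean."""
    findings = []
    values = server_headers(raw_head)
    if len(values) > 1:
        # The application and the server in front of it may each add one.
        findings.append(f"duplicate Server headers: {values}")
    for value in values:
        if value != expected:
            findings.append(f"unexpected Server value: {value!r}")
        for token in VERSION_TOKEN.findall(value):
            findings.append(f"version disclosed: {token}")
    return findings


if __name__ == "__main__":
    for name, head in (("local", LOCAL), ("deployed", DEPLOYED)):
        print(name, audit_server_banner(head, "dummyserver") or "ok")
```

The input is the same text that `curl -sI` prints for the deployed site, passed in as bytes, so the check can run after each deployment.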