A Django-based website is hosted in an Azure web app (Python 3.8). As a security measure, I am trying to hide the server name from the response header. By default, it is gunicorn/20.0.4. In the Django app, I have implemented a middleware layer and added the following code:
class testMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        response["Server"] = "dummyserver"
        response["X-XSS-Protection"] = 1
        return response
In the local environment, this setting is working: in the response header, the server name was dummyserver. But once it is deployed in the Azure web app, the server name is displayed as gunicorn/20.0.4 in the response header. Strangely, the other settings, like X-XSS-Protection, are working as expected.
It looks like the Azure web app by default replaces the Django server name. Is there any way we can handle this? Thanks for your help.
Update 24/01/2021
I tried this option also
https://stackoverflow.com/questions/16010565/how-to-prevent-gunicorn-from-returning-a-server-http-he...
But once deployed it didn't resolve the problem.
I added gunicorn.SERVER_SOFTWARE = "dummyserver", but it didn't work out:
import gunicorn

class testMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        response["Server"] = "dummyserver"
        response["X-XSS-Protection"] = 1
        gunicorn.SERVER_SOFTWARE = "dummyserver"
        return response
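A check for the symptom described above, meant to be run against the response the deployed app returns rather than the local one. This is an added example, not code from the original post: the sample responses are constructed from the header values quoted in the question, and the function names and the two-header case are assumptions.

```python
import http.client
import io
import re

# A product/version token such as "gunicorn/20.0.4".
VERSION_BANNER = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")

def server_banners(raw_response: bytes) -> list:
    """Return every Server header value found in a raw HTTP response head."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    _status_line, _, header_block = head.partition(b"\r\n")
    headers = http.client.parse_headers(io.BytesIO(header_block + b"\r\n\r\n"))
    return headers.get_all("Server") or []

def live_banners(host: str, path: str = "/") -> list:
    """Same check against a live site (hypothetical helper, needs network)."""
    conn = http.client.HTTPSConnection(host, timeout=10)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().headers.get_all("Server") or []
    finally:
        conn.close()

def audit(banners: list) -> dict:
    """Flag version disclosure and multiple Server headers."""
    return {
        "banners": banners,
        "duplicate": len(banners) > 1,
        "leaks_version": [b for b in banners if VERSION_BANNER.search(b)],
    }

# Constructed samples built from the values quoted in the question.
LOCAL = (b"HTTP/1.1 200 OK\r\nServer: dummyserver\r\n"
         b"X-XSS-Protection: 1\r\nContent-Length: 0\r\n\r\n")
DEPLOYED = (b"HTTP/1.1 200 OK\r\nServer: gunicorn/20.0.4\r\n"
            b"X-XSS-Protection: 1\r\nContent-Length: 0\r\n\r\n")
# Constructed edge case: two layers each emitting a Server header.
BOTH = (b"HTTP/1.1 200 OK\r\nServer: gunicorn/20.0.4\r\n"
        b"Server: dummyserver\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("local", LOCAL), ("deployed", DEPLOYED), ("both", BOTH)):
        print(name, audit(server_banners(raw)))
```

Running `audit(live_banners(...))` as a post-deployment step catches the case where the header looks correct locally but the hosted response still carries the version banner.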