Remove Server header in Error Page


#1

Are we able to Remove Server header in Error Page?


#2

Can you please include some context? What Error Page? Are you using RStudio Server? RStudio Server Pro? Shiny server? If you’re getting to the error page through code, it would be great if you could include a reprex (short for minimal reproducible example)? It will, in short, help us help you.

If you’ve never heard of a reprex before, you might want to start by reading the tidyverse.org help page. The reprex dos and don’ts are also useful.


#3

Hi,

Thank you for your reply. We have the face this vulnerability when running a security scan on R Studio Server Community on Red Hat Linux Enterprise 7 (RHEL). We have also configure a reverse proxy using nginx.

When the server encountered a 500, 400, 404 error. Th server response header will show the status code. The implication is knowing whether certain inputs trigger a server error can aid or inform an attacker of potential vulnerabilities. It there a way to hide/remove the error status code or removing the server header?