How to Hide Server/Software Version (Werkzeug & Python) from Superset Response Header?

Question:

Any ideas/suggestions on how to hide the software/server version in Superset? We hired an information security company to perform external pen-testing on our servers, and one of the issues raised was to hide all the software versions being disclosed in application headers/error messages.

So for example if I execute this command from a terminal:

curl -I -k https://localhost:8181/

It is disclosing the server information by default (line 5 below).

HTTP/1.0 302 FOUND
Content-Type: text/html; charset=utf-8
Content-Length: 241
Location: https://localhost:8089/superset/welcome
Server: Werkzeug/1.0.1 Python/3.6.10
Date: Mon, 20 Jul 2020 12:07:33 GMT

Asked By: Michael Guanzon

Answers:

Follow these steps:

  1. Go to your Superset directory. In my case, cd /usr/local/lib/python3.6/site-packages/superset/

  2. Modify config.py

  3. Find and edit this line: OVERRIDE_HTTP_HEADERS: Dict[str, Any] = {"Server":""}

  4. Restart Superset and you’re done

Answered By: Michael Guanzon
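
One way to confirm the change took effect, as an added example (not part of the original answer and not Superset code): the function parses a response head like the one `curl -I` prints and reports any product/version tokens left in banner headers. The `AFTER` sample is constructed, and checking `X-Powered-By` alongside `Server` is an assumption made for illustration.

```python
import re
from email.parser import Parser

# Matches product/version tokens such as "Werkzeug/1.0.1" or "Python/3.6.10".
VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*)")
# Headers checked for software banners (X-Powered-By is an assumption; the
# page itself only shows Server).
BANNER_HEADERS = ("Server", "X-Powered-By")

# Response head as shown in the question.
BEFORE = """HTTP/1.0 302 FOUND
Content-Type: text/html; charset=utf-8
Content-Length: 241
Location: https://localhost:8089/superset/welcome
Server: Werkzeug/1.0.1 Python/3.6.10
Date: Mon, 20 Jul 2020 12:07:33 GMT
"""

# Constructed sample: the same response with the Server value overridden to "".
AFTER = BEFORE.replace("Server: Werkzeug/1.0.1 Python/3.6.10", "Server:")


def find_version_disclosure(raw_head):
    """Return (header, product, version) tuples found in a raw response head."""
    text = raw_head.replace("\r\n", "\n").strip()
    _status_line, _, header_block = text.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name in BANNER_HEADERS:
        for value in headers.get_all(name, []):
            for product, version in VERSION_TOKEN.findall(value):
                findings.append((name, product, version))
    return findings


if __name__ == "__main__":
    for label, head in (("before", BEFORE), ("after", AFTER)):
        hits = find_version_disclosure(head)
        print(label, "->", hits if hits else "no version tokens in banner headers")
```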

How can we remove the HTTP response header (Werkzeug & Python) for the running Docker image?

Answered By: Rashmi