Remove "server awselb/2.0" header from application responses

1

During a pentest of one of our apps running behind an AWS API GW the report showed that the API GW returns a "server awselb/2.0" header, which is identified as a risk by the pentesters. To my knowledge there is no way to remove/suppress such a header, but perhaps I am missing something? Is this something anybody else has ever faced?

rePost-User-2589686
a year ago
can you please update on how did you resolve this?

Topics

Serverless Front-End Web & Mobile Networking & Content Delivery

Tags

Amazon API Gateway

Language

English

niccogiulianelli

asked 2 years ago4836 views

2 Answers

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

0

I am facing the same issue

AWS-User-1125538

answered 2 years ago

0

Facing the same issue. Is there any WAF that can be used to avoid this issue?

answered a year ago

Relevant content

Create API GW Websocket API that is only accessible from within a VPC.
AWS-User-1922136
asked 2 years ago
Is there a "rest api gw usage plans" equivalent solution for http api gw?
Accepted Answer
Yedidya Schwartz
asked a year ago
How to shorten the API response time in a API GW + Lambda solution
Eric Zhang
asked 2 years ago
Return Count from Lambda into the "Response Header" of the API
Accepted Answer
Martin V
asked 4 years ago
How can I configure a custom domain endpoint for multiple API Gateway APIs behind a CloudFront web distribution?
AWS OFFICIALUpdated 2 years ago
How can I forward the host header with private integration for an API Gateway REST API?
AWS OFFICIALUpdated 9 months ago
How can I pass a connectionId or custom token to VPC Link integration as a header for Amazon API Gateway WebSocket APIs?
AWS OFFICIALUpdated a year ago
How do I reduce the latency of slow responses from CloudFront?
AWS OFFICIALUpdated 2 years ago
How do I find IP addresses of SMTP Clients behind a NAT gateway?
EXPERT
Jonathan_D
published 10 months ago
Amazon GameLift releases a new version of the server SDKs and game engine plugins
EXPERT
Sachin
published 2 months ago