
Server header being shown although set to FALSE

We installed a Web Dispatcher and got a security test on the project.

The analyst came back with the remark that the server name is being exposed in the header.

Now I looked it up in the Web Dispatcher parameters, but there the parameter is set to FALSE:

is/HTTP/show_server_header         false

So according to the SAP documentation (note 1616535), if this is set to false:

When you change this, the "Server:" header field is no longer set in HTTP responses.

But still we get the info from the PI server.

Does it also need to be set in the ICM parameters on the PI side? There the parameter is set to 1.

Although security marked it as Low, it is still a possibility for "Malicious users can use this information for attacks."

Former Member
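
One way to check which tier is emitting the header, as an added example that is not part of the original post: it compares the response seen through the Web Dispatcher with one fetched directly from the backend. The response bytes and banner strings are constructed placeholders, and `server_headers` and `locate_source` are hypothetical helper names.

```python
from email.parser import BytesParser

def server_headers(raw: bytes) -> list[str]:
    """Return every Server header value in a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition(b"\r\n")
    if not status_line.startswith(b"HTTP/"):
        raise ValueError("not an HTTP response")
    # Header names are case-insensitive; get_all() also catches duplicates.
    msg = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return [v.strip() for v in msg.get_all("Server", [])]

def locate_source(via_dispatcher: bytes, direct_backend: bytes) -> str:
    """Classify where the Server header seen by the client comes from."""
    front = server_headers(via_dispatcher)
    if not front:
        return "suppressed"
    back = server_headers(direct_backend)
    # Same value as the backend sends on its own port: passed through unchanged.
    if any(v in back for v in front):
        return "backend"
    # Otherwise it was set or rewritten somewhere in front of the backend.
    return "front_tier"

# Constructed sample responses; the banner strings are placeholders.
VIA_DISPATCHER = (b"HTTP/1.1 200 OK\r\ncontent-type: text/html\r\n"
                  b"server: ExampleBackend/1.0\r\n\r\n<html></html>")
DIRECT_BACKEND = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                  b"Server: ExampleBackend/1.0\r\n\r\n<html></html>")
NO_HEADER = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    print(locate_source(VIA_DISPATCHER, DIRECT_BACKEND))
    print(locate_source(NO_HEADER, DIRECT_BACKEND))
```

A result of `backend` means the value reaching the client is the one the backend sends on its own, so the front-tier setting alone does not account for it.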
