Sanitize HTTP Headers
Posted: Mon Apr 22, 2024 6:23 pm
We have found that the HTTP Server Signature header returned by WingFTP has the name of the person who purchased the license included. For example, if a person named Bob Jones purchased the license, then the HTTP Server Signature that is returned is "WingFTP Server(Bob Jones)".
Given how many random internet scanners hit every IP looking for endpoints to brute force, this disclosure is not ideal. I would like to request that the individual name be removed from the HTTP response headers and that it only be "WingFTP Server".
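An added example, not part of the original post and not WingFTP code: a small audit helper that reads a captured HTTP response header block from your own server and reports any parenthesised text in the `Server` field, which is where the post says the licensee name appears. The function name `audit_server_header` and the sample response are constructed for illustration; the sample uses the example name from the post.

```python
import re

# Parenthesised text inside a header field value (the HTTP "comment" form).
_COMMENT = re.compile(r"\(([^()]*)\)")


def audit_server_header(raw_headers: str) -> dict:
    """Inspect the Server field of a raw HTTP response header block.

    Returns the original value, any parenthesised comments found in it,
    and the value with those comments stripped.
    """
    value = None
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, rest = line.partition(":")
        if sep and name.strip().lower() == "server":
            value = rest.strip()
            break
    if value is None:
        return {"server": None, "comments": [], "sanitized": None}
    comments = [c.strip() for c in _COMMENT.findall(value)]
    # Remove the comments and collapse any whitespace left behind.
    sanitized = re.sub(r"\s+", " ", _COMMENT.sub("", value)).strip()
    return {"server": value, "comments": comments, "sanitized": sanitized}


# Constructed sample response, using the example name from the post.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: WingFTP Server(Bob Jones)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

if __name__ == "__main__":
    result = audit_server_header(SAMPLE)
    if result["comments"]:
        print("Server header discloses:", result["comments"])
        print("Expected sanitized value:", result["sanitized"])
```

Feed it header blocks saved from your own endpoints; a non-empty `comments` list means the banner carries more than the product name.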