Obfuscate HTTP headers" which need to hides the HTTP server banner.

We found below vulnerability in audit point

"Fortigate - Obfuscate HTTP headers" which need to hides the HTTP server banner.

Kindly let me know what action need to be taken to mitigate this

SuperUser

If you mean the HTTP(S) admin GUI of the Fortigate itself, then once upon a time tehre was such settings which is gone now:

config system global

set http-obfuscate {none | header-only | modified | no-error}

If you mean obfuscate headers sent by HTTP servers behind the FOrtigate - there is no such option, Fortinet have Fortiweb for that.

Sign up