Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Franz 13 posts 66 karma points
    Feb 18, 2014 @ 12:21
    Franz
    0

    Hide ImageGen version

    Hello,

    We recently had a PenTest on our Umbraco 6.1.6 website on which we use ImageGen Pro version 2.9.0.30864.

    "It was observed that the tested website discloses information about its configuration and components' versions. This provides information to an attacker about the underlying platform and technologies that could have otherwise been unknown: ImageGen Professional version disclosure."

    Kinda silly, I know, but... is there a way hide all the ImageGen version stuff? We already have <HideDomains>true</HideDomains> in the config.

    Cheers! :)

    Copy Link
  • Douglas Robar 3570 posts 4711 karma points MVP ∞ admin c-trib
    Feb 19, 2014 @ 16:23
    Douglas Robar
    100

    Hi, Franz,

    Sorry, there isn't a way to display no information at all from ImageGen.

    You might consider a urlrewrite rule or router rule that disallows requests to ImageGen.ashx?version from any outside IP address.

    cheers,
    doug.

    Copy Link
  • Franz 13 posts 66 karma points
    Feb 20, 2014 @ 17:30
    Franz
    0

    Thanks Doug! :)

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft