Health check: can we hide x-aw-version information

PHeier · ‎05-10-2021

We have a onprem Workspace ONE envirionment and want to block version information outside.

When running the Health check on the device server adres with this command (this is a SaaS example):
curl -s --head --request GET https://ds801.awmdm.com/deviceservices/awhealth/v1

will result with the following information:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
X-Correlation-ID: 7c01f260-90e3-4eb9-8859-a80fd5d31694
x-aw-version: 21.2.0.5
Date: Wed, 05 May 2021 14:07:05 GMT
Content-Length: 74

Is there a way to NOT show the x-aw-version information?

Noordan · ‎05-11-2021

Hi,

The information I have got from my contacts at VMware (when asking the same question for one of my security minded customer) is that you should not remove the information in the header because this information is used for backward combability.

PHeier · ‎05-11-2021

VMware support gives the following reply (good to know)

The x-aw-version header is used as part of the initial SDK validation for responses return from Device service server to confirm if they are coming from the correct endpoint in a supported version. Without this HTTP header will cause validation issue for any applications that utilises the WSO SDK.

All

Health check: can we hide x-aw-version information

Workspace ONE UEM