Re: Question Concerning cURL Commad

On Sat, 2 Nov 2019, at 19:35, Ravanell Lang via curl-users wrote:
> We have filtered out our web server information using three known
> filter-out security tags in our web.config. And we have reverified that
> our web server info is not being displayed using Web Browser Developer
> Tools and iCurlHTTP app. However when we use < curl -I -s -H “Host:
> evil.com” www.example.com>, it displays our web server info. Our team
> believe cURL is pulling our server info from our load balancer/proxy
> server.
>
> Our question is where is cURL pulling our server info from if we have
> it filtered out on web server?

Maybe I don't understand what you're asking, or what your server set-up
is... but if you're running curl on another machine, sending a request to
this mysterious server... and your server is then sending more info than
was expected back to the machine that's running curl... it's not curl that's
"pulling info", but instead your machine that's sending it.

Maybe you need to show us verbose output from the instance of curl
that is asking for info, and what it gets back, and also whatever your
server logs show for that process. You might want to xxx-out anything
in that that's too confidential... but it would help if we knew what part
of that info is what you think shouldn't be being sent to curl.

 Maybe then someone familiar with server set-up can say if it's possible
to suppress that info from what a server is sending. I think otherwise
your question is too vague.
 

-- 
Jeremy Nicoll - my opinions are my own.
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette:   https://curl.haxx.se/mail/etiquette.html