How to deal with the "HTTP header not detected" error on SMA 1000

Description

If a PCI scan reports the error "HTTP header not detected on port 443" in the vulnerability scan report, this article will help you resolve the issue.

Resolution

TIP: Take a backup of your device before making any changes on the appliance. Make sure you are on the latest firmware and hotfixes.

NOTE: This resolution only works on firmware versions higher than 12.4.0-02223. If your version is lower than or equal to this, upgrade your firmware first.

If you are having issues with the vulnerability error "HTTP Security Header Not Detected on port 443":

CAUTION: We cannot block port 443 on the SMA, as the device needs this port for communication and all users connect to the SMA using port 443.

Changing the IP address won't fix the issue: the HTTP header not being detected is a security or vulnerability issue with the device, not with the IP address.

Enhancing the security services on the device can resolve the issue.
To enable the services, click Services:

Go to System Configuration > Services > Web Proxy Service > Advanced.

Enable X-Frame options, XSS Protection, Content Security Policy, Strict Transport Security, MIME Type Sniffing, and Cross Domain Policy.

Enabling all of them will enhance the security of the device, and it should then pass the PCI vulnerability test.
If you still get the same issue after enabling all of them, please get in touch with us.
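To confirm the change before requesting a rescan, the response headers served on port 443 can be checked directly. The script below is an added example, not SonicWall code: the mapping from the option names above to HTTP header names is an assumption, and the sample response is constructed.

```python
import http.client
import ssl
import sys

# Assumed mapping from the SMA option names above to the response headers
# they normally correspond to (the article does not list the header names).
EXPECTED = {
    "X-Frame options": "x-frame-options",
    "XSS Protection": "x-xss-protection",
    "Content Security Policy": "content-security-policy",
    "Strict Transport Security": "strict-transport-security",
    "MIME Type Sniffing": "x-content-type-options",
    "Cross Domain Policy": "x-permitted-cross-domain-policies",
}


def missing_options(header_pairs):
    """Return the option names whose header is absent or has an empty value."""
    present = {name.strip().lower() for name, value in header_pairs if value.strip()}
    return [opt for opt, header in EXPECTED.items() if header not in present]


def fetch_headers(host, port=443, path="/"):
    """GET path over TLS and return the response headers as (name, value) pairs."""
    # Appliances are often scanned by IP or carry a private certificate, so
    # certificate checks are skipped here; this only reads response headers.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, timeout=10, context=ctx)
    try:
        conn.request("GET", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()


# Constructed sample: a response that carries only two of the six headers.
SAMPLE_BEFORE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("X-Frame-Options", "SAMEORIGIN"),
]

if __name__ == "__main__":
    pairs = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_BEFORE
    gaps = missing_options(pairs)
    print("all six headers present" if not gaps else "missing: " + ", ".join(gaps))
    sys.exit(1 if gaps else 0)
```

Run it with the appliance hostname as the only argument; without an argument it evaluates the constructed sample and lists the four options still missing.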

 
