How to Hide Server Banner and ASP.Net Version in Kong Ingress Responses?

[Sarthak12]

Hello,

During a recent security assessment, it was identified that the server banner (kong/3.6.1 and nginx/1.26.2) and ASP.Net version information are revealed in the responses. Banner grabbing is a technique used to remotely gain information about the web server (version, underlying OS, vendor, etc.). By identifying the HTTP server or technology framework version, an adversary can determine known vulnerabilities related to the framework version and the appropriate exploits for the same.

I am facing an issue setting the configuration on my Kong ingress to remove or hide these details in the response.
Could anyone provide guidance or best practices on how to achieve this?

Thank you in advance for your help!

Best regards,
Sarthak Saxena

[StarlightIbuki]

Please check docs.konghq.com/hub/kong-inc/response-transformer