Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Register

FAQ

It is currently Wed Dec 06, 2023 8:32 am

ROOT ‹ Unix Networked Services & Applications ‹ Apache, Nginx, Lighttpd and other web server software ‹ Apache - Restricting "Server" information in HTTP response header with ServerTokens

This forum is dedicated to Apache, Nginx, Lighttpd, Squid and other HTTP transport protocol related software

1 post • Page 1 of 1

Apache - Restricting "Server" information in HTTP response header with ServerTokens

« Previous topic | Next topic »

Author

Message

Post subject: Apache - Restricting "Server" information in HTTP response header with ServerTokens | Posted: Thu Nov 10, 2011 6:39 am

Joined: Thu Aug 06, 2009 2:48 am
Posts: 105

Apache - Restricting "Server" information in HTTP response header with ServerTokens

Apache - how to strip down the "Server" field in HTTP response header with ServerTokens

By default, the apache webserver may provide too detailed info in the http response header for your needs. Example:

Code:

HTTP/1.1 404 Not Found
Date: Thu, 10 Nov 2011 10:35:52 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 202
Connection: close
Content-Type: text/html; charset=iso-8859-1

Stripping down the "Server" field in the http response can be done in Apache with the "ServerTokens" directive:

Quote:

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.

I use the "Prod" value and this is the output:

Code:

HTTP/1.1 304 Not Modified
Date: Thu, 10 Nov 2011 10:38:52 GMT
Server: Apache
Connection: close
ETag: "fa50a-333-4b04c9edb0700"
Expires: Sat, 10 Dec 2011 10:38:52 GMT
Cache-Control: max-age=2592000

			Tweet
Follow @IvordeCom

You might also be interested in:
How to test deflate/gzip compression on a HTTPS (HTTP over SSL) Apache server. Apache: how to list virtual hosts that are currently configured on my Apache server ?. Apache 2.2 installation of mod_rewrite module without recompiling whole apache. Nginx + apache (for PHP) with real IP addresses in logs. How can I see what modules are loaded on my custom built Apache binary. Converting PhpBB-SEO Apache RewriteRule to Nginx rewrite. Apache to Nginx Server parameters translation with php function. Apache Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included. Apache: access to /dir failed, reason: require directives present and no Authoritative handler. NGINX: How to redirect http to https website.

Top

1 post • Page 1 of 1

Topics			Author	Replies	Views	Last post
Topics related to - "Apache - Restricting "Server" information in HTTP response header with ServerTokens"
		How to test deflate/gzip compression on a HTTPS (HTTP over SSL) Apache server	debuser	0	5535	Tue Aug 03, 2010 3:30 am debuser
		Apache: how to list virtual hosts that are currently configured on my Apache server ?	LaR3	0	4777	Sun Feb 07, 2010 10:04 am LaR3
		Apache 2.2 installation of mod_rewrite module without recompiling whole apache	debuser	0	6355	Tue Mar 23, 2010 11:22 am debuser
		Nginx + apache (for PHP) with real IP addresses in logs	designeru	0	3095	Tue May 18, 2010 9:49 am designeru
		How can I see what modules are loaded on my custom built Apache binary	LaR3	0	3087	Sun Feb 07, 2010 9:54 am LaR3
		Converting PhpBB-SEO Apache RewriteRule to Nginx rewrite	debuser	0	10585	Tue Feb 23, 2010 5:00 am debuser
		Apache to Nginx Server parameters translation with php function	debuser	0	105128	Thu Aug 26, 2010 7:47 am debuser
		Apache Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included	LaR3	0	6389	Mon Sep 21, 2009 6:42 pm LaR3
		Apache: access to /dir failed, reason: require directives present and no Authoritative handler	LaR3	0	5011	Mon Sep 21, 2009 6:48 pm LaR3
		NGINX: How to redirect http to https website	mandrei99	0	3906	Mon Feb 09, 2015 3:27 pm mandrei99

Who is online

Users browsing this forum: No registered users and 1 guest

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:

ROOT ‹ Unix Networked Services & Applications ‹ Apache, Nginx, Lighttpd and other web server software

Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]

phpBB SEO