Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Fri Dec 09, 2016 6:46 pm


This forum is dedicated to Apache, Nginx, Lighttpd, Squid and other HTTP transport protocol related software

Author Message
debuser
Post  Post subject: Apache - Restricting "Server" information in HTTP response header with ServerTokens  |  Posted: Thu Nov 10, 2011 6:39 am

Joined: Thu Aug 06, 2009 2:48 am
Posts: 105

Offline
 

Apache - Restricting "Server" information in HTTP response header with ServerTokens

Apache - how to strip down the "Server" field in HTTP response header with ServerTokens

By default, the apache webserver may provide too detailed info in the http response header for your needs. Example:

Code:
HTTP/1.1 404 Not Found
Date: Thu, 10 Nov 2011 10:35:52 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 202
Connection: close
Content-Type: text/html; charset=iso-8859-1


Stripping down the "Server" field in the http response can be done in Apache with the "ServerTokens" directive:

Quote:
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.


I use the "Prod" value and this is the output:
Code:
HTTP/1.1 304 Not Modified
Date: Thu, 10 Nov 2011 10:38:52 GMT
Server: Apache
Connection: close
ETag: "fa50a-333-4b04c9edb0700"
Expires: Sat, 10 Dec 2011 10:38:52 GMT
Cache-Control: max-age=2592000





Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "Apache - Restricting "Server" information in HTTP response header with ServerTokens"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. How to test deflate/gzip compression on a HTTPS (HTTP over SSL) Apache server

debuser

0

1975

Tue Aug 03, 2010 3:30 am

debuser View the latest post

There are no new unread posts for this topic. Apache: how to list virtual hosts that are currently configured on my Apache server ?

LaR3

0

1155

Sun Feb 07, 2010 10:04 am

LaR3 View the latest post

There are no new unread posts for this topic. Apache 2.2 installation of mod_rewrite module without recompiling whole apache

debuser

0

2904

Tue Mar 23, 2010 11:22 am

debuser View the latest post

There are no new unread posts for this topic. Attachment(s) Nginx + apache (for PHP) with real IP addresses in logs

designeru

0

571

Tue May 18, 2010 9:49 am

designeru View the latest post

There are no new unread posts for this topic. How can I see what modules are loaded on my custom built Apache binary

LaR3

0

814

Sun Feb 07, 2010 9:54 am

LaR3 View the latest post

There are no new unread posts for this topic. Converting PhpBB-SEO Apache RewriteRule to Nginx rewrite

debuser

0

1650

Tue Feb 23, 2010 5:00 am

debuser View the latest post

There are no new unread posts for this topic. Apache to Nginx Server parameters translation with php function

debuser

0

49982

Thu Aug 26, 2010 7:47 am

debuser View the latest post

There are no new unread posts for this topic. Apache Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included

LaR3

0

2345

Mon Sep 21, 2009 6:42 pm

LaR3 View the latest post

There are no new unread posts for this topic. Apache: access to /dir failed, reason: require directives present and no Authoritative handler

LaR3

0

1565

Mon Sep 21, 2009 6:48 pm

LaR3 View the latest post

There are no new unread posts for this topic. NGINX: How to redirect http to https website

mandrei99

0

1016

Mon Feb 09, 2015 3:27 pm

mandrei99 View the latest post

 

Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO