Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

It is currently Fri Dec 02, 2022 11:44 am

Message body:
Enter your message here, it may contain no more than 60000 characters. 

:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
Font size:
Font colour
BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON
Disable BBCode
Disable smilies
Do not automatically parse URLs
Confirmation code
Confirmation code:
In an effort to prevent automatic submissions, we require that you enter both of the words displayed into the text field underneath.

Topic review - Apache - Restricting "Server" information in HTTP response header with ServerTokens
Author Message
Post subject: Apache - Restricting "Server" information in HTTP response header with ServerTokens  |  Post Posted: Thu Nov 10, 2011 6:39 am
Apache - how to strip down the "Server" field in HTTP response header with ServerTokens

By default, the apache webserver may provide too detailed info in the http response header for your needs. Example:

HTTP/1.1 404 Not Found
Date: Thu, 10 Nov 2011 10:35:52 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 202
Connection: close
Content-Type: text/html; charset=iso-8859-1

Stripping down the "Server" field in the http response can be done in Apache with the "ServerTokens" directive:

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.

I use the "Prod" value and this is the output:
HTTP/1.1 304 Not Modified
Date: Thu, 10 Nov 2011 10:38:52 GMT
Server: Apache
Connection: close
ETag: "fa50a-333-4b04c9edb0700"
Expires: Sat, 10 Dec 2011 10:38:52 GMT
Cache-Control: max-age=2592000
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list

Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]