How to hide Apache version number

Posted by Toni Perätalo on 06-Nov-2017 08:15

Hi,

When using PAS (Pacific Appserver on OE 11.6.3) as a web server, version of Apache is returned in http header.

"Server:Apache-Coyote/1.1"

Is it possible to hide this version information? If I'd have "separate or real" Apache server this would be possible (https://www.tecmint.com/hide-apache-web-server-version-information/) but is it when using PAS? I did not find any place to configure this.

Regards,

Toni

OpenEdge Development - Forum
Posted by Peter Judge on 06-Nov-2017 08:32

The link below is for the Apache HTTP server (not Tomcat).  This www.techstacks.com/.../suppress-server-identity-in-tomcat.html  and tomcat.apache.org/.../security-howto.html   has more pertinent info.
 
Basically, you need to add a server=”” property to the Connector configs in the $CATALINA_BASE/conf/server.xml file.
 
<!-- feature:begin:HTTP:on -->
    <Connector executor="tomcatThreadPool"
               port="${psc.as.http.port}"
               protocol="HTTP/1.1"
               scheme="http"
               secure="false"
               connectionTimeout="${psc.as.http.connectiontimeout}"
               asyncTimeout="${psc.as.msg.timeout}"
               maxPostSize="${psc.as.msg.maxpostsize}"
               maxHttpHeaderSize="8192"
               acceptCount="${psc.as.http.maxqueuesize}"
               maxConnections="${psc.as.http.maxconnections}"
               maxKeepAliveRequests="${psc.as.msg.maxpipeline}"
               redirectPort="${psc.as.https.port}"
               URIEncoding="${psc.as.http.uriencoding}"
               compression="${psc.as.http.compress}"
               compressionMinSize="${psc.as.compress.min}"
               noCompressionUserAgents="gozilla,traviata"
               compressableMimeType="${psc.as.compress.types}"
               xpoweredBy="false"
               server="Chairman_Miao/1.0"/>
<!-- feature:end:HTTP:on -->
 
 
 
 

All Replies

Posted by Peter Judge on 06-Nov-2017 08:32

The link below is for the Apache HTTP server (not Tomcat).  This www.techstacks.com/.../suppress-server-identity-in-tomcat.html  and tomcat.apache.org/.../security-howto.html   has more pertinent info.
 
Basically, you need to add a server=”” property to the Connector configs in the $CATALINA_BASE/conf/server.xml file.
 
<!-- feature:begin:HTTP:on -->
    <Connector executor="tomcatThreadPool"
               port="${psc.as.http.port}"
               protocol="HTTP/1.1"
               scheme="http"
               secure="false"
               connectionTimeout="${psc.as.http.connectiontimeout}"
               asyncTimeout="${psc.as.msg.timeout}"
               maxPostSize="${psc.as.msg.maxpostsize}"
               maxHttpHeaderSize="8192"
               acceptCount="${psc.as.http.maxqueuesize}"
               maxConnections="${psc.as.http.maxconnections}"
               maxKeepAliveRequests="${psc.as.msg.maxpipeline}"
               redirectPort="${psc.as.https.port}"
               URIEncoding="${psc.as.http.uriencoding}"
               compression="${psc.as.http.compress}"
               compressionMinSize="${psc.as.compress.min}"
               noCompressionUserAgents="gozilla,traviata"
               compressableMimeType="${psc.as.compress.types}"
               xpoweredBy="false"
               server="Chairman_Miao/1.0"/>
<!-- feature:end:HTTP:on -->
 
 
 
 

Posted by Brian K. Maher on 06-Nov-2017 08:48

Its Mao  <smile>
 

Posted by Toni Perätalo on 07-Nov-2017 03:55

Thank you Peter!

(Sorry about mixing those Apache http server and Tomcat things. I'm quite newbie in these web server things :) )

This thread is closed