How to hide Apache version number - Forum - OpenEdge Development - Progress Community

How to hide Apache version number

 Forum

How to hide Apache version number

This question is answered

Hi,

When using PAS (Pacific Appserver on OE 11.6.3) as a web server, version of Apache is returned in http header.

"Server:Apache-Coyote/1.1"

Is it possible to hide this version information? If I'd have "separate or real" Apache server this would be possible (https://www.tecmint.com/hide-apache-web-server-version-information/) but is it when using PAS? I did not find any place to configure this.

Regards,

Toni

Verified Answer
  • The link below is for the Apache HTTP server (not Tomcat).  This www.techstacks.com/.../suppress-server-identity-in-tomcat.html  and tomcat.apache.org/.../security-howto.html   has more pertinent info.
     
    Basically, you need to add a server=”” property to the Connector configs in the $CATALINA_BASE/conf/server.xml file.
     
    <!-- feature:begin:HTTP:on -->
        <Connector executor="tomcatThreadPool"
                   port="${psc.as.http.port}"
                   protocol="HTTP/1.1"
                   scheme="http"
                   secure="false"
                   connectionTimeout="${psc.as.http.connectiontimeout}"
                   asyncTimeout="${psc.as.msg.timeout}"
                   maxPostSize="${psc.as.msg.maxpostsize}"
                   maxHttpHeaderSize="8192"
                   acceptCount="${psc.as.http.maxqueuesize}"
                   maxConnections="${psc.as.http.maxconnections}"
                   maxKeepAliveRequests="${psc.as.msg.maxpipeline}"
                   redirectPort="${psc.as.https.port}"
                   URIEncoding="${psc.as.http.uriencoding}"
                   compression="${psc.as.http.compress}"
                   compressionMinSize="${psc.as.compress.min}"
                   noCompressionUserAgents="gozilla,traviata"
                   compressableMimeType="${psc.as.compress.types}"
                   xpoweredBy="false"
                   server="Chairman_Miao/1.0"/>
    <!-- feature:end:HTTP:on -->
     
     
     
     
All Replies
  • The link below is for the Apache HTTP server (not Tomcat).  This www.techstacks.com/.../suppress-server-identity-in-tomcat.html  and tomcat.apache.org/.../security-howto.html   has more pertinent info.
     
    Basically, you need to add a server=”” property to the Connector configs in the $CATALINA_BASE/conf/server.xml file.
     
    <!-- feature:begin:HTTP:on -->
        <Connector executor="tomcatThreadPool"
                   port="${psc.as.http.port}"
                   protocol="HTTP/1.1"
                   scheme="http"
                   secure="false"
                   connectionTimeout="${psc.as.http.connectiontimeout}"
                   asyncTimeout="${psc.as.msg.timeout}"
                   maxPostSize="${psc.as.msg.maxpostsize}"
                   maxHttpHeaderSize="8192"
                   acceptCount="${psc.as.http.maxqueuesize}"
                   maxConnections="${psc.as.http.maxconnections}"
                   maxKeepAliveRequests="${psc.as.msg.maxpipeline}"
                   redirectPort="${psc.as.https.port}"
                   URIEncoding="${psc.as.http.uriencoding}"
                   compression="${psc.as.http.compress}"
                   compressionMinSize="${psc.as.compress.min}"
                   noCompressionUserAgents="gozilla,traviata"
                   compressableMimeType="${psc.as.compress.types}"
                   xpoweredBy="false"
                   server="Chairman_Miao/1.0"/>
    <!-- feature:end:HTTP:on -->
     
     
     
     
  • Its Mao  <smile>
     

  • Thank you Peter!

    (Sorry about mixing those Apache http server and Tomcat things. I'm quite newbie in these web server things :) )