Highlighted
aortiz1 Trusted Contributor.
Trusted Contributor.
445 views

Apache Headers

Jump to solution
Hi all, i would like to ask you how can i remove the "Server" header that appears everywhere, is this possible to do? i've been searching a little bit on the internet and it says i should install mod-security to do it but i'm not sure if this is supported by the Product. Thank you all in advance


0 Likes
1 Solution

Accepted Solutions
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Apache Headers

Jump to solution

It is by design Apache developer restricts the removal of “Server” completely even using mod_headers.

https://bz.apache.org/bugzilla/show_bug.cgi?id=40026

So, even using the following directives are not enough to remove "Apache" from Server header

ServerSignature Off
ServerTokens Prod

 

There are a couple of ways to do it - 

1. Use Apache ModSecurity module  https://community.microfocus.com/t5/Access-Manager-Tips-Information/Power-up-Access-Gateway-with-ModSecurity-and-Core-Rule-Set/ta-p/1771746 and use SecServerSignature directive.

2. Modify  Access manager's Access gateway library. We provided a solution to one of access manager customer. The fix is not yet part of the release.

0 Likes
9 Replies
ScorpionSting Absent Member.
Absent Member.

Re: Apache Headers

Jump to solution
aortiz1;2500461 wrote:
Hi all, i would like to ask you how can i remove the "Server" header that appears everywhere, is this possible to do? i've been searching a little bit on the internet and it says i should install mod-security to do it but i'm not sure if this is supported by the Product. Thank you all in advance




In theory, you should be able to add these directives to the Global Additional Headers on the gateway:


ServerSignature Off
ServerTokens Prod

Visit my Website for links to Cool Solution articles.
0 Likes
aortiz1 Trusted Contributor.
Trusted Contributor.

Re: Apache Headers

Jump to solution
ScorpionSting;2500478 wrote:
In theory, you should be able to add these directives to the Global Additional Headers on the gateway:


ServerSignature Off
ServerTokens Prod


Hi my friend, thanks for the quick answer.
Thats exactly how i have it! but i still get the "Server" header.
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: Apache Headers

Jump to solution
aortiz1;2500479 wrote:
Hi my friend, thanks for the quick answer.
Thats exactly how i have it! but i still get the "Server" header.


mod_headers should be loaded by now, so try adding:


Header unset Server

Visit my Website for links to Cool Solution articles.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Apache Headers

Jump to solution
On 04-06-2019 1:14 AM, aortiz1 wrote:
>
> Hi all, i would like to ask you how can i remove the "Server" header
> that appears everywhere, is this possible to do? i've been searching a
> little bit on the internet and it says i should install mod-security to
> do it but i'm not sure if this is supported by the Product. Thank you
> all in advance


You can change it to something else but you can't remove it. By default ServerSignature off is already in the conf file.


--
Cheers,
Edward
0 Likes
aortiz1 Trusted Contributor.
Trusted Contributor.

Re: Apache Headers

Jump to solution
edmaa;2500483 wrote:
On 04-06-2019 1:14 AM, aortiz1 wrote:
>
> Hi all, i would like to ask you how can i remove the "Server" header
> that appears everywhere, is this possible to do? i've been searching a
> little bit on the internet and it says i should install mod-security to
> do it but i'm not sure if this is supported by the Product. Thank you
> all in advance


You can change it to something else but you can't remove it. By default ServerSignature off is already in the conf file.


--
Cheers,
Edward


Thank you so much for your answer! How can i change it into something else?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Apache Headers

Jump to solution
On 05-06-2019 1:24 AM, aortiz1 wrote:
>
> Thank you so much for your answer! How can i change it into something
> else?


Ok, it seems i was a little presumptious with the fact you can change the value of this header. You can do it with apache but not with NAM as NAM
doesn't come with the security2 module (no idea why). What is the issue with the fact it says its running apache?


--
Cheers,
Edward
0 Likes
robert_tuit
New Member.

Re: Apache Headers

Jump to solution

The way i resolved it was to add  server="" to the /opt/novell/nam/idp/conf/server.xml

0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Apache Headers

Jump to solution

It is by design Apache developer restricts the removal of “Server” completely even using mod_headers.

https://bz.apache.org/bugzilla/show_bug.cgi?id=40026

So, even using the following directives are not enough to remove "Apache" from Server header

ServerSignature Off
ServerTokens Prod

 

There are a couple of ways to do it - 

1. Use Apache ModSecurity module  https://community.microfocus.com/t5/Access-Manager-Tips-Information/Power-up-Access-Gateway-with-ModSecurity-and-Core-Rule-Set/ta-p/1771746 and use SecServerSignature directive.

2. Modify  Access manager's Access gateway library. We provided a solution to one of access manager customer. The fix is not yet part of the release.

0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Apache Headers

Jump to solution

Please contact support if you need an engineering build for this issue.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.