Modify Header Response

Vort3x · 12-14-2004, 02:54 PM

Hello,
Currently if I ask for a header response I get this from my server:

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Date: Tue, 14 Dec 2004 20:46:45 GMT
Server: Apache-AdvancedExtranetServer/2.0.50 (Mandrakelinux/7.2.101mdk) mod_perl/1.99_16 Perl/v5.8.5 PHP/4.3.8 mod_ssl/2.0.50 OpenSSL/0.9.7d
Last-Modified: Sat, 04 Dec 2004 16:19:23 GMT
ETag: "5450-6de-9e47b8c0"
Accept-Ranges: bytes
--------------: ----
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

Now on some sites you can edit the "server" details to only show Apache Webserver. Or anything you want. I wanted to know how do I edit the header response to not show server details?

Capt_Caveman · 12-14-2004, 10:37 PM

Usually it's the httpd.conf file in /etc/httpd/conf/

Find the line that says ServerTokens and change the entry to:
ServerTokens Prod

Then restart apache

You should then just get:
Server: Apache

Error Reply footers will be:
Apache Server at 1.2.3.4 Port 80

Vort3x · 12-15-2004, 02:07 PM

I checked the httpd.conf file and it was not there, looked manually, and did a few searches... nothing. I also looked in the httpd2.conf for fun and nothing was there either.

TruckStuff · 12-15-2004, 03:12 PM

Quote:

Originally posted by Vort3x
I checked the httpd.conf file and it was not there, looked manually, and did a few searches... nothing. I also looked in the httpd2.conf for fun and nothing was there either.

Does anyone have any other ideas where I can find how to change the header response?

Look harder. First make sure you are looking at the correct configuration file. If you are 100% sure there is no ServerTokens directive, add the line Capt_Caveman stated above to your config file and restart apache.

Vort3x · 12-15-2004, 04:19 PM

I'm absoloutley positive that it is not there. I downloaded the file to my own computer and searched it and found nothing as well.

So where do I add this line, I tried in httpd.conf like this:

Quote:

### Main Configuration Section
### You really shouldn't change these settings unless you're a guru
###
ServerType standalone
ServerRoot /etc/httpd
ServerTokens Prod
#ServerName localhost
#LockFile /etc/httpd/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /etc/httpd/httpd.scoreboard
ErrorLog logs/error_log
LogLevel warn
ResourceConfig /dev/null
AccessConfig /dev/null
DocumentRoot /var/www/html

Restarted apache, that didn't work.
Removed it, added it to the same spot in httpd2.conf, same results, so restarted.

Where do I add the line "ServerTokens Prod" in the config file?

Thank you.

Vort3x · 12-15-2004, 05:42 PM

Problem resolved, haha, it was in commonhttpd.conf. Thanks.

Capt_Caveman · 12-15-2004, 05:59 PM

I was incorrect, Mandrake adds their own patch to Apache that changes the product name to Apache-AdvancedExtranetServer instead of just Apache, so do you see just Apache or Apache-AdvancedExtranetServer?

TruckStuff · 12-16-2004, 08:14 AM

Quote:

Originally posted by Capt_Caveman
I was incorrect, Mandrake adds their own patch to Apache that changes the product name to Apache-AdvancedExtranetServer instead of just Apache, so do you see just Apache or Apache-AdvancedExtranetServer?

Don't oyu just love vendor-bastardized versions of open-source software?

Vort3x · 12-17-2004, 12:58 PM

Yes it only shows Apache-AdvancedExtranetServer now.