删除“服务器:Apache"从响应头 [英] Remove "Server: Apache" from response headers
问题描述
我想知道如何完全删除apache在响应中发送的Server标头.
I want to know how to remove the Server header completely that apache sends in the response.
最初,它在响应头中显示完整的服务器信息,例如Server: Apache (Ubuntu 14.04)
.
但是我读到某处将其添加到apache2.conf
Initially, it was showing full server info like Server: Apache (Ubuntu 14.04)
in the response headers.
But I read somewhere to add this in apache2.conf
ServerTokens ProductOnly
ServerSignature Off
它没有删除标题,只是将其更改为Server: Apache
It didn't remove the header but only changed it to Server: Apache
我什至尝试从PHP中使用header_remove('Server');
删除该标头.但是仍然没有运气.
I even tried from PHP to remove that header with header_remove('Server');
. But still no luck.
因此,我想将其完全删除.
So, I want to remove that completely.
谢谢
PS:如果可能将报头值更改为例如:Server: Microsoft-IIS/8.0
(假值);那也可以
PS: if its possible to change the header value for eg: to Server: Microsoft-IIS/8.0
(fake value); then its okay too.
推荐答案
服务器ID/令牌标头由"ServerTokens"指令(由mod_core提供)控制.除了修改Apache HTTPD源代码或使用mod_security模块外,没有其他方法可以完全禁止服务器ID标头.
The server ID/token header is controlled by "ServerTokens" directive (provided by mod_core). Aside from modifying the Apache HTTPD source code, or using mod_security module, there is no other way to fully suppress the server ID header.
使用mod_security方法,您可以在modsecurity.conf文件中禁用模块的所有指令/功能,并且仅利用服务器标头ID指令,而无需任何其他包g". (c)Chipster
With the mod_security approach, you can disable all of the module's directives/functions in the modsecurity.conf file, and leverage only the server header ID directive without any additional "baggage." (c) Chipster
这篇关于删除“服务器:Apache"从响应头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!