删除服务器头tomcat [英] remove server header tomcat

问题描述

我能够将 org.apache.coyote.http11.Http11Protocol.SERVER 的值重命名为其他任何内容，因此HTTP-Response-Header包含以下内容：

I am able to rename the value of org.apache.coyote.http11.Http11Protocol.SERVER to anything else, so the HTTP-Response-Header contains something like:

服务器：Apache

Server:Apache

而不是默认

服务器：Apache- Coyote / 1.1

Server:Apache-Coyote/1.1

使用org.apache.coyote.http11.Http11Protocol.SERVER的空值不会删除Server-Header。

Using a empty value for org.apache.coyote.http11.Http11Protocol.SERVER does not remove the Server-Header.

如何从我的共鸣中删除服务器标题？

How can I remove the Server-Header from my resonses?

推荐答案

简短回答 - 你可以'删除标题，但你应该修改它（见其他答案）。

Short answer - you can't remove the header, but you should modify it (see other answers).

服务器标题在RFC中定义，是必需的。 （未在规范中定义为可选项）

The server header is defined in the RFC and it is mandatory. (not defined as optional in the spec)

取自 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.38

14.38服务器

服务器响应标头字段包含有关原始服务器用于处理请求的软件的信息。 >
该字段可以包含多个产品令牌（第3.8节）和
注释，用于标识服务器和任何重要的子产品。
产品代币按其重要性的顺序列出，标识该应用程序的
。

14.38 Server
The Server response-header field contains information about the software used by the origin server to handle the request.
The field can contain multiple product tokens (section 3.8) and comments identifying the server and any significant subproducts. The product tokens are listed in order of their significance for identifying the application.

如果通过代理转发响应，代理应用程序绝不能修改Server
响应头。相反，它应该包括一个Via字段（如第14.45节中描述的
）。

If the response is being forwarded through a proxy, the proxy application MUST NOT modify the Server response-header. Instead, it SHOULD include a Via field (as described in section 14.45).

  Note: Revealing the specific software version of the server might
  allow the server machine to become more vulnerable to attacks
  against software that is known to contain security holes. Server
  implementors are encouraged to make this field a configurable
  option.

这篇关于删除服务器头tomcat的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！