从响应头的Apache:删除服务器 [英] Remove Server: Apache from response headers
问题描述
我想知道如何完全删除服务器头阿帕奇在响应中发送。
I want to know how to remove the Server header completely that apache sends in the response.
最初,它是显示像全服务器信息服务器:响应标头中的Apache(Ubuntu的14.04)
。
但我读的地方在apache2.conf添加此
Initially, it was showing full server info like Server: Apache (Ubuntu 14.04)
in the response headers.
But I read somewhere to add this in apache2.conf
ServerTokens ProductOnly
ServerSignature Off
这并没有消除头,但只有将其改为服务器:Apache
我甚至从PHP试图删除与 header_remove该头('服务器');
。但仍没有运气。
I even tried from PHP to remove that header with header_remove('Server');
. But still no luck.
所以,我要彻底删除。
So, I want to remove that completely.
谢谢,
PS:如果可能的如标头值变化:以服务器:Microsoft-IIS / 8.0
(假值);那么它的好了。
PS: if its possible to change the header value for eg: to Server: Microsoft-IIS/8.0
(fake value); then its okay too.
推荐答案
服务器ID /令牌报头由ServerTokens指令(由mod_core提供)控制。除了修改Apache的HTTPD源$ C $ C,或使用的mod_security模块,有没有其他的方式来充分燮preSS服务器ID头。
The server ID/token header is controlled by "ServerTokens" directive (provided by mod_core). Aside from modifying the Apache HTTPD source code, or using mod_security module, there is no other way to fully suppress the server ID header.
随着mod_security的方法,您可以禁用所有模块的指令在modsecurity.conf文件/功能,并利用只有服务器头ID指令没有任何额外的包袱。
(三)Chipster
With the mod_security approach, you can disable all of the module's directives/functions in the modsecurity.conf file, and leverage only the server header ID directive without any additional "baggage." (c) Chipster
这篇关于从响应头的Apache:删除服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!