  1. Red Hat 3scale API Management
  2. THREESCALE-1989

Add ability to disable server tokens


    Details

    • Type: Feature Request
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.4 GA, SaaS
    • Fix Version/s: 2.5.1
    • Component/s: Gateway

      Description

      For security reasons, it's sometimes desired to NOT include the openresty version number in response headers and error response bodies.

      For example take note of '1.13.6.2' in the Server header and response body:

      HTTP/1.1 504 Gateway Time-out
      Server: openresty/1.13.6.2
      Date: Thu, 28 Feb 2019 16:20:43 GMT
      Content-Type: text/html
      Content-Length: 189
      Connection: keep-alive
      
      <html>
      <head><title>504 Gateway Time-out</title></head>
      <body bgcolor="white">
      <center><h1>504 Gateway Time-out</h1></center>
      <hr><center>openresty/1.13.6.2</center>
      </body>
      </html>
      

      To prevent this, you can set `server_tokens off;` in the nginx conf in the http block.

      Results in:

      HTTP/1.1 504 Gateway Time-out
      Date: Thu, 28 Feb 2019 16:09:40 GMT
      Content-Type: text/html
      Content-Length: 180
      Connection: keep-alive
      
      <html>
      <head><title>504 Gateway Time-out</title></head>
      <body bgcolor="white">
      <center><h1>504 Gateway Time-out</h1></center>
      <hr><center>openresty</center>
      </body>
      </html>
      

      Ideally this would be set via SERVER_TOKENS=off or some such environment variable.

            People

            Assignee: Unassigned
            Reporter: rhn-support-spoole Shannon Poole
            Developer: Michal Cichra (Inactive)
            Votes: 1
            Watchers: 8

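Added example (not part of the original issue or of the gateway's code): a small check that scans a captured HTTP response for the two disclosure points shown in the description, the `Server` header and the footer of the default error page. The sample responses are the ones quoted in the description with the body trimmed; the function and constant names are hypothetical.

```python
import re

# Product token followed by a version number, e.g. "openresty/1.13.6.2".
VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)")
# Footer of the default error page: a <center> element holding plain text only.
FOOTER = re.compile(r"<center>\s*([^<]+?)\s*</center>", re.IGNORECASE)

# Responses from the issue description, body trimmed to the relevant lines.
BEFORE = """\
HTTP/1.1 504 Gateway Time-out
Server: openresty/1.13.6.2
Content-Type: text/html

<html>
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>openresty/1.13.6.2</center>
</html>
"""
AFTER = """\
HTTP/1.1 504 Gateway Time-out
Content-Type: text/html

<html>
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>openresty</center>
</html>
"""

def split_response(raw):
    """Split a raw HTTP/1.x response into (headers dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body

def find_version_leaks(raw):
    """Return (location, product, version) for every disclosed version."""
    headers, body = split_response(raw)
    leaks = [("header:server", m.group(1), m.group(2))
             for m in VERSION_TOKEN.finditer(headers.get("server", ""))]
    for footer in FOOTER.finditer(body):
        leaks += [("body:error-page-footer", m.group(1), m.group(2))
                  for m in VERSION_TOKEN.finditer(footer.group(1))]
    return leaks

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, find_version_leaks(raw))
```

Run against error responses (4xx/5xx) as well as normal ones, since the footer only appears on gateway-generated error pages.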