4

I am running a couple of websites on different servers on a local network. All websites are proxied via one server where HTTPS is added and the traffic is monitored.

Currently, if someone makes a:

curl -I subdomain.domain.tld

The result is:

curl -I https://subdomain.domain.tld
HTTP/1.1 200 OK
Date: Fri, 13 Jan 2017 09:19:02 GMT
Server: Jetty(8.y.z-SNAPSHOT)
Content-Type: text/html
Content-Length: 2379
Last-Modified: Tue, 10 Jan 2017 11:15:29 GMT

How can I "override" the response the server behind the proxy gives with another response from the reverse proxy?

For example, I want my output to look something like this (if possible)

curl -I https://dubdomain.domain.tld
HTTP/1.1 200 OK
Date: Fri, 13 Jan 2017 09:19:02 GMT
Server: Apache24 (or even something else)
Content-Type: text/html
Content-Length: 2379
Last-Modified: Tue, 10 Jan 2017 11:15:29 GMT

Is this achievable?

Orphans
  • Apache Module mod_headers - This module provides directives to control and modify HTTP request and response headers. Headers can be merged, replaced or removed. – Yevgeniy Afanasyev Mar 25 '22 at 02:38

1 Answer

8

You cannot remove the Server header in Apache, but in your case, yes, you can just show the server tokens of the reverse proxy by adding:

Header unset Server

What this will do is remove the server header returned by the "backend" and show you the one from the reverse proxy.

If by any chance you want to remove or change this header even from the response of the reverse proxy, you will have to use mod_security, or at least that's the only method I know.

Daniel Ferradal
  • Thank you, this did solve my problem. I will also set up varnish to further hide information regarding the webserver. – Orphans Jan 13 '17 at 10:38
  • In Apache22 at least, "Header unset Server" removes the Server header entirely. The Header statement requires the headers_module to be enabled. – frommelmak Feb 11 '21 at 12:00
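
A check to run after the change, as an added example that is not part of the original answer or of any project's code: it classifies the Server header in captured `curl -I` output and covers both outcomes reported above (the header replaced by the proxy's own, or removed entirely). The sample responses and the `backend_markers` parameter are constructed for illustration.

```python
import re

# Constructed sample input: `curl -I` output modelled on the question.
BEFORE = """HTTP/1.1 200 OK
Date: Fri, 13 Jan 2017 09:19:02 GMT
Server: Jetty(8.y.z-SNAPSHOT)
Content-Type: text/html
"""
# Constructed "after" responses for the two behaviours described on this page.
AFTER_REPLACED = BEFORE.replace("Jetty(8.y.z-SNAPSHOT)", "Apache")
AFTER_REMOVED = BEFORE.replace("Server: Jetty(8.y.z-SNAPSHOT)\n", "")

# A digit after "/" (product/version) or inside a "(comment)" counts as a version leak.
VERSION_RE = re.compile(r"/\S*\d|\([^)]*\d[^)]*\)")


def server_headers(raw):
    """Return every Server header value found in a raw response header block."""
    values = []
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":   # header names are case-insensitive
            values.append(value.strip())
    return values


def audit(raw, backend_markers=("jetty",)):
    """Classify a response as 'backend-leak', 'version-leak', 'generic' or 'absent'."""
    values = server_headers(raw)
    if not values:
        return "absent"
    joined = " ".join(values).lower()
    if any(marker in joined for marker in backend_markers):
        return "backend-leak"                  # the backend's banner still reaches clients
    if VERSION_RE.search(joined):
        return "version-leak"                  # proxy banner, but it discloses a version
    return "generic"


if __name__ == "__main__":
    samples = [("before", BEFORE), ("replaced", AFTER_REPLACED), ("removed", AFTER_REMOVED)]
    for label, raw in samples:
        print(label, audit(raw), server_headers(raw))
```

To use it against a live site, pass the text returned by `curl -sI` for the proxied hostname to `audit()` and list the backend product names you expect to be hidden in `backend_markers`.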