My question is posed in the title. But I ask also, instead of hiding it, isn't it possible to replace it by a custom value? Maybe over php or by editing the apache2 config?
Thank's in advance!
You could use mod_security for Apache, there is a directive called SecServerSignature it allows you to change the value of the Server header.
Another way would be to edit the the source code :)
Related
is the first time I'm using IIS (Windows Server 2019) and I'm looking for a configuration to be able to redirect clients from http://mysiteExample.org/ to http://mysiteExample.org/embed.html?key=val. I considered that URL Rewrite Module could help me to achieve this (as is not necessary for the clients to see the new URL they'll be redirected to). I made the configuration as shown in this screenshot, where I set '^$' as a pattern to specify this should apply for cases where no URL string is provided.
Could somebody with more experience advise me on how to achieve what specified above?
Thanks in advance
I finally managed to make it work changing the action type from 'Rewrite' to 'Redirect'.
I am working with the ATG platform and cannot figure out how to hide or remove the section of the response header "X-ATG-Version: xxxxxxx". I am using JBoss and I have figured out how to remove the "X-powered-by" part of the header but no luck with the ATG part. I am trying to accomplish this for security purposes.
You are not saying which version of ATG you are running or whether you are hosting it behind a WebServer.
In the ATG Documentation it suggests that you can turn off the header in the HeadPipelineServlet using the addingAtgVersionHeader property. You can find the HeadPipelineServlet in the /atg/dynamo/servlet/pipeline/DynamoHandler component. When you do add this property, make sure you add it via the properties file and restart. Changing it in /dyn/admin does not make a difference.
Alternatively you can hide it in your Webserver Configuration. In Apache the following is sufficient:
Header unset X-ATG-Version
And it works reliably.
I'm looking for a way to set the "Accept-Language" to a specific value for all incoming request. I use IIS 7.5+. I have looked at the rewrite module but can't seem to find the right combination to set the request header.
Any ideas?
Thanks
Frank
Found the answer. By using the Rewrite Module, and add a rule that runs on all incoming request [.*], and set the server-variable "HTTP_ACCEPT_LANGUAGE" to whatever the required setting.
We are using lighttpd web server in our code base. It is that we need to add SECURE and HTTP ONLY flags for the cookie.
I have gone through many examples but all are related to PHP and some other kanguage. We don't use PHP in our code. Is there anyway that I can get this? Can anything be done in the .conf file like in apache web server.
I have tested apache web server by adding changes in the httpd.conf and checked the packet capture. It worked. But unable to achieve this in lighttpd.
We use C language in the backend.
Well, To answer my own question.
There is nothing to do with the lighttpd.conf as of httpd.conf for apache.
We are setting the cookie header in a lua file(Kepler). Appending secure to that cookie header fixed the issue.
I'm trying to fix some strange or destroyed results with my web url, if I add any char after index.php/:
http://domain/index.php/?
How can I fix this? Thank you!
This web server feature is called Path Info. Look for Apaches AcceptPathInfo settings. What's exactly your problem? Do you want to use ordinary query strings together with path info URLs?