Traffic Server
  1. Traffic Server
  2. TS-193

Mask Version Info in response header 'via'

    Details

      Description

      I was looking at the response headers and found something along the lines of:

      Via HTTP/1.1 <proxy> (ApacheTrafficServer/2.0.0-alpha [cMsSf ])

      Would like an option to mask the version info for security purposes.

        Activity

        Hide
        George Paul added a comment -

        The request, response Via headers and Server header can be set via the records.config variables:

        CONFIG proxy.config.http.request_via_str STRING ApacheTrafficServer/2.0.0-alpha
        CONFIG proxy.config.http.response_via_str STRING ApacheTrafficServer/2.0.0-alpha
        CONFIG proxy.config.http.response_server_str STRING ATS/2.0.0-alpha

        You can change the version info etc...

        -George

        Show
        George Paul added a comment - The request, response Via headers and Server header can be set via the records.config variables: CONFIG proxy.config.http.request_via_str STRING ApacheTrafficServer/2.0.0-alpha CONFIG proxy.config.http.response_via_str STRING ApacheTrafficServer/2.0.0-alpha CONFIG proxy.config.http.response_server_str STRING ATS/2.0.0-alpha You can change the version info etc... -George
        Hide
        Leif Hedstrom added a comment -

        Closing as invalid, those options suggested by George is the way to go .

        Show
        Leif Hedstrom added a comment - Closing as invalid, those options suggested by George is the way to go .
        Hide
        Leif Hedstrom added a comment -

        I should say, you can also eliminate the Via: header entirely if it's a security concern:

        CONFIG proxy.config.http.insert_request_via_str INT 0
        CONFIG proxy.config.http.insert_response_via_str INT 0

        Show
        Leif Hedstrom added a comment - I should say, you can also eliminate the Via: header entirely if it's a security concern: CONFIG proxy.config.http.insert_request_via_str INT 0 CONFIG proxy.config.http.insert_response_via_str INT 0
        Hide
        Miles Libbey added a comment - - edited

        Looks like these are not in our documentation. Which of the record.config sections should it go in?
        System Variables
        Local Manager
        Process Manager
        Alarm Configuration
        Authentication Basic Realm
        Congestion Control
        Negative Response Caching
        Proxy User Variables
        Security
        Cache Control
        Customizable User Response Pages
        DNS
        HostDB
        Reverse Proxy
        URL Remap Rules

        (proxy.config.http.insert_request_via_str and proxy.config.http.insert_response_via_str are in the HTTP engine section)
        SSL Termination
        Client-Related Configuration
        ICP Configuration
        Scheduled Update Configuration
        Remap Plugin Processor
        Plug-in Configuration
        Sockets

        Show
        Miles Libbey added a comment - - edited Looks like these are not in our documentation. Which of the record.config sections should it go in? System Variables Local Manager Process Manager Alarm Configuration Authentication Basic Realm Congestion Control Negative Response Caching Proxy User Variables Security Cache Control Customizable User Response Pages DNS HostDB Reverse Proxy URL Remap Rules (proxy.config.http.insert_request_via_str and proxy.config.http.insert_response_via_str are in the HTTP engine section) SSL Termination Client-Related Configuration ICP Configuration Scheduled Update Configuration Remap Plugin Processor Plug-in Configuration Sockets

          People

          • Assignee:
            George Paul
            Reporter:
            Jason Giedymin
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development