Apache/httpd 'Header set Server' is ignored/overridden

BairDev

8/9/24, 3:37 PM

I am using this in a VirtualHost

<IfModule headers_module>
    Header set ProcessingTime "%D"
    Header set Server "Apache 2.4"
</IfModule>

I can see that the ProcessingTime is set happily, but Server is set by some default, which tells too much about software versions of the server.

What am I doing wrong and can I figure, where the header Server is finally set?

I have tried:

sudo grep -Rin "Header" /etc/httpd/conf.d/ -> no result for Header set Server
sudo grep -Rin "servertokens" /etc/httpd/conf.d/ -> absolutely no result

Apache version: Apache/2.4.53 (codeit) on CentOS.

2 + 0

http-headers

apache-2.4

Score:2

Server

Esa Jokinen

8/9/24, 4:27 PM

Use the ServerTokens Directive in the server config context, instead.

ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache

ServerTokens Major
Server sends (e.g.): Server: Apache/2

ServerTokens Minor
Server sends (e.g.): Server: Apache/2.4

ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.4.2

ServerTokens OS
Server sends (e.g.): Server: Apache/2.4.2 (Unix)

+ 0

Score:1

Server

symcbean

8/9/24, 4:26 PM

Usually people want to hide the Server header because some auditor told them to or their vulnerability scanner doesn't understand backporting.

Have a look for ServerTokens in your config and the manual.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Apache/httpd 'Header set Server' is ignored/overridden

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.