You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafficserver.apache.org by "Jason Giedymin (JIRA)" <ji...@apache.org> on 2010/02/18 18:32:27 UTC
[jira] Created: (TS-193) Mask Version Info in response header 'via'
Mask Version Info in response header 'via'
------------------------------------------
Key: TS-193
URL: https://issues.apache.org/jira/browse/TS-193
Project: Traffic Server
Issue Type: Bug
Components: Cache, Config, Core
Affects Versions: 2.0.0a
Environment: Ubuntu 9.10
Reporter: Jason Giedymin
Priority: Minor
I was looking at the response headers and found something along the lines of:
Via HTTP/1.1 <proxy> (ApacheTrafficServer/2.0.0-alpha [cMsSf ])
Would like an option to mask the version info for security purposes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TS-193) Mask Version Info in response header
'via'
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12835379#action_12835379 ]
Leif Hedstrom commented on TS-193:
----------------------------------
I should say, you can also eliminate the Via: header entirely if it's a security concern:
CONFIG proxy.config.http.insert_request_via_str INT 0
CONFIG proxy.config.http.insert_response_via_str INT 0
> Mask Version Info in response header 'via'
> ------------------------------------------
>
> Key: TS-193
> URL: https://issues.apache.org/jira/browse/TS-193
> Project: Traffic Server
> Issue Type: Bug
> Components: Cache, Config, Core
> Affects Versions: 2.0.0a
> Environment: Ubuntu 9.10
> Reporter: Jason Giedymin
> Assignee: George Paul
> Priority: Minor
>
> I was looking at the response headers and found something along the lines of:
> Via HTTP/1.1 <proxy> (ApacheTrafficServer/2.0.0-alpha [cMsSf ])
> Would like an option to mask the version info for security purposes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (TS-193) Mask Version Info in response header
'via'
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom resolved TS-193.
------------------------------
Resolution: Invalid
Closing as invalid, those options suggested by George is the way to go :).
> Mask Version Info in response header 'via'
> ------------------------------------------
>
> Key: TS-193
> URL: https://issues.apache.org/jira/browse/TS-193
> Project: Traffic Server
> Issue Type: Bug
> Components: Cache, Config, Core
> Affects Versions: 2.0.0a
> Environment: Ubuntu 9.10
> Reporter: Jason Giedymin
> Assignee: George Paul
> Priority: Minor
>
> I was looking at the response headers and found something along the lines of:
> Via HTTP/1.1 <proxy> (ApacheTrafficServer/2.0.0-alpha [cMsSf ])
> Would like an option to mask the version info for security purposes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TS-193) Mask Version Info in response header
'via'
Posted by "George Paul (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12835348#action_12835348 ]
George Paul commented on TS-193:
--------------------------------
The request, response Via headers and Server header can be set via the records.config variables:
CONFIG proxy.config.http.request_via_str STRING ApacheTrafficServer/2.0.0-alpha
CONFIG proxy.config.http.response_via_str STRING ApacheTrafficServer/2.0.0-alpha
CONFIG proxy.config.http.response_server_str STRING ATS/2.0.0-alpha
You can change the version info etc...
-George
> Mask Version Info in response header 'via'
> ------------------------------------------
>
> Key: TS-193
> URL: https://issues.apache.org/jira/browse/TS-193
> Project: Traffic Server
> Issue Type: Bug
> Components: Cache, Config, Core
> Affects Versions: 2.0.0a
> Environment: Ubuntu 9.10
> Reporter: Jason Giedymin
> Assignee: George Paul
> Priority: Minor
>
> I was looking at the response headers and found something along the lines of:
> Via HTTP/1.1 <proxy> (ApacheTrafficServer/2.0.0-alpha [cMsSf ])
> Would like an option to mask the version info for security purposes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TS-193) Mask Version Info in response header
'via'
Posted by "Miles Libbey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12835413#action_12835413 ]
Miles Libbey commented on TS-193:
---------------------------------
Looks like these are not in our documentation. Which of the record.config sections should it go in?
System Variables
Local Manager
Process Manager
Alarm Configuration
Authentication Basic Realm
Congestion Control
Negative Response Caching
Proxy User Variables
Security
Cache Control
Customizable User Response Pages
DNS
HostDB
Reverse Proxy
URL Remap Rules
SSL Termination
Client-Related Configuration
ICP Configuration
Scheduled Update Configuration
Remap Plugin Processor
Plug-in Configuration
Sockets
> Mask Version Info in response header 'via'
> ------------------------------------------
>
> Key: TS-193
> URL: https://issues.apache.org/jira/browse/TS-193
> Project: Traffic Server
> Issue Type: Bug
> Components: Cache, Config, Core
> Affects Versions: 2.0.0a
> Environment: Ubuntu 9.10
> Reporter: Jason Giedymin
> Assignee: George Paul
> Priority: Minor
>
> I was looking at the response headers and found something along the lines of:
> Via HTTP/1.1 <proxy> (ApacheTrafficServer/2.0.0-alpha [cMsSf ])
> Would like an option to mask the version info for security purposes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (TS-193) Mask Version Info in response header
'via'
Posted by "George Paul (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
George Paul reassigned TS-193:
------------------------------
Assignee: George Paul
> Mask Version Info in response header 'via'
> ------------------------------------------
>
> Key: TS-193
> URL: https://issues.apache.org/jira/browse/TS-193
> Project: Traffic Server
> Issue Type: Bug
> Components: Cache, Config, Core
> Affects Versions: 2.0.0a
> Environment: Ubuntu 9.10
> Reporter: Jason Giedymin
> Assignee: George Paul
> Priority: Minor
>
> I was looking at the response headers and found something along the lines of:
> Via HTTP/1.1 <proxy> (ApacheTrafficServer/2.0.0-alpha [cMsSf ])
> Would like an option to mask the version info for security purposes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (TS-193) Mask Version Info in response
header 'via'
Posted by "Miles Libbey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12835413#action_12835413 ]
Miles Libbey edited comment on TS-193 at 2/18/10 9:34 PM:
----------------------------------------------------------
Looks like these are not in our documentation. Which of the record.config sections should it go in?
System Variables
Local Manager
Process Manager
Alarm Configuration
Authentication Basic Realm
Congestion Control
Negative Response Caching
Proxy User Variables
Security
Cache Control
Customizable User Response Pages
DNS
HostDB
Reverse Proxy
URL Remap Rules
(proxy.config.http.insert_request_via_str and proxy.config.http.insert_response_via_str are in the HTTP engine section)
SSL Termination
Client-Related Configuration
ICP Configuration
Scheduled Update Configuration
Remap Plugin Processor
Plug-in Configuration
Sockets
was (Author: mlibbey):
Looks like these are not in our documentation. Which of the record.config sections should it go in?
System Variables
Local Manager
Process Manager
Alarm Configuration
Authentication Basic Realm
Congestion Control
Negative Response Caching
Proxy User Variables
Security
Cache Control
Customizable User Response Pages
DNS
HostDB
Reverse Proxy
URL Remap Rules
SSL Termination
Client-Related Configuration
ICP Configuration
Scheduled Update Configuration
Remap Plugin Processor
Plug-in Configuration
Sockets
> Mask Version Info in response header 'via'
> ------------------------------------------
>
> Key: TS-193
> URL: https://issues.apache.org/jira/browse/TS-193
> Project: Traffic Server
> Issue Type: Bug
> Components: Cache, Config, Core
> Affects Versions: 2.0.0a
> Environment: Ubuntu 9.10
> Reporter: Jason Giedymin
> Assignee: George Paul
> Priority: Minor
>
> I was looking at the response headers and found something along the lines of:
> Via HTTP/1.1 <proxy> (ApacheTrafficServer/2.0.0-alpha [cMsSf ])
> Would like an option to mask the version info for security purposes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.