You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Krishna Pandey (JIRA)" <ji...@apache.org> on 2017/05/03 10:56:04 UTC
[jira] [Commented] (KNOX-932) Option to remove the server-name from
HTTP-header response
[ https://issues.apache.org/jira/browse/KNOX-932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15994657#comment-15994657 ]
Krishna Pandey commented on KNOX-932:
-------------------------------------
It would be nice to have this as configurable property instead of entirely removing it. Removing it will cause more suspicion and push for resort to other fingerprinting techniques.
> Option to remove the server-name from HTTP-header response
> -----------------------------------------------------------
>
> Key: KNOX-932
> URL: https://issues.apache.org/jira/browse/KNOX-932
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Kunal Rajguru
> Labels: http-headers
>
> Option to remove the server name which is sent as HTTP-Header in the response
> For example :
> curl -i -k -u <username>:<password> -X GET 'https://localhost:8443/gateway/default/webhdfs/v1/?op=LISTSTATUS'
> HTTP/1.1 200 OK
> Set-Cookie: JSESSIONID=fs2lu9w7jcgt1tshnfs1cqf8v;Path=/gateway/default;Secure;HttpOnly
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Cache-Control: no-cache
> Expires: Wed, 15 Mar 2017 12:49:24 GMT
> Date: Wed, 15 Mar 2017 12:49:24 GMT
> Pragma: no-cache
> Expires: Wed, 15 Mar 2017 12:49:24 GMT
> Date: Wed, 15 Mar 2017 12:49:24 GMT
> Pragma: no-cache
> Server: Jetty(6.1.26.hwx)
> Content-Type: application/json
> Content-Length: 2593
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)