Disabling CouchDB server signature

[Arcadius Ahouansou <ar...@menelic.com>]

Hello.
By default, CouchDB exposes its current version to the worlds i.e
going to curl http://MYHOST:MYPORT/
I get the pretty json response below.

Please what is the recommended way of disabling this and display an
empty json or remove at least the version.
Note that I have haproxy in front of couchdb.
Thank you very much.

Arcadius

{

   - "couchdb": "Welcome",
   - "version": "3.2.2",
   - "git_sha": "d5b746b7c",
   - "uuid": "ce35097f091bda955f1a7b46adddaaca",
   - "features": [...],
   - "vendor": {
      - "name": "The Apache Software Foundation"
   }

}

Re: Disabling CouchDB server signature

[Arcadius Ahouansou <ar...@menelic.com>]

Thank you very much Robert and Rene.

As I am using HAProxy, I have tried your suggestion Robert
i.e
http-request return status 200 ...

So far, it seems to be working well.

Thank you very much.

With warm regards.


On Mon, 25 Jul 2022 at 15:51, Rene Veerman <se...@gmail.com> wrote:

> nginx is an alternative to haproxy.
> i have an easy install manual for it in the README.md section of my
> https://github.com/nicerapp/nicerapp
> but that only points you to getting 3 domain names running on a single
> outgoing IP server.
>
> the idea behind secure web design is that you have your php / ruby /
> whatever script talk on a LAN to your couchdb server via businessLogic JSON
> or HTTP POST data,
> and never expose any part of your couchdb server at all to the wider
> public.
>
> On Wed, Jul 20, 2022 at 12:11 PM Robert Newson <rn...@apache.org> wrote:
>
> > Hi,
> >
> > The easiest approach would be to have haproxy send something else
> instead,
> > but note that some tools might break if they can't retrieve the welcome
> > message. I've confirmed that the replicator would not be affected. We
> > welcome reports of your success and/or issues you face by removing this.
> >
> > Something like this in the haproxy frontend;
> >
> >  http-request return status 200 content-type application/json string "{}"
> > if { path eq / }
> >
> > B.
> >
> > > On 20 Jul 2022, at 06:40, Arcadius Ahouansou <ar...@menelic.com>
> > wrote:
> > >
> > > Hello.
> > > By default, CouchDB exposes its current version to the worlds i.e
> > > going to curl http://MYHOST:MYPORT/
> > > I get the pretty json response below.
> > >
> > > Please what is the recommended way of disabling this and display an
> > > empty json or remove at least the version.
> > > Note that I have haproxy in front of couchdb.
> > > Thank you very much.
> > >
> > > Arcadius
> > >
> > > {
> > >
> > >   - "couchdb": "Welcome",
> > >   - "version": "3.2.2",
> > >   - "git_sha": "d5b746b7c",
> > >   - "uuid": "ce35097f091bda955f1a7b46adddaaca",
> > >   - "features": [...],
> > >   - "vendor": {
> > >      - "name": "The Apache Software Foundation"
> > >   }
> > >
> > > }
> >
> >
>


-- 
Arcadius Ahouansou
Menelic Ltd | Applied Knowledge Is Power
Office : +441444702101
Mobile: +447908761999
Menelic Ltd: menelic.com
SmartLobby: SmartLobby.co <https://smartlobby.co/>
Hosted Apache Solr Services: solrfarm.com

---

Re: Disabling CouchDB server signature

[Rene Veerman <se...@gmail.com>]

nginx is an alternative to haproxy.
i have an easy install manual for it in the README.md section of my
https://github.com/nicerapp/nicerapp
but that only points you to getting 3 domain names running on a single
outgoing IP server.

the idea behind secure web design is that you have your php / ruby /
whatever script talk on a LAN to your couchdb server via businessLogic JSON
or HTTP POST data,
and never expose any part of your couchdb server at all to the wider public.

On Wed, Jul 20, 2022 at 12:11 PM Robert Newson <rn...@apache.org> wrote:

> Hi,
>
> The easiest approach would be to have haproxy send something else instead,
> but note that some tools might break if they can't retrieve the welcome
> message. I've confirmed that the replicator would not be affected. We
> welcome reports of your success and/or issues you face by removing this.
>
> Something like this in the haproxy frontend;
>
>  http-request return status 200 content-type application/json string "{}"
> if { path eq / }
>
> B.
>
> > On 20 Jul 2022, at 06:40, Arcadius Ahouansou <ar...@menelic.com>
> wrote:
> >
> > Hello.
> > By default, CouchDB exposes its current version to the worlds i.e
> > going to curl http://MYHOST:MYPORT/
> > I get the pretty json response below.
> >
> > Please what is the recommended way of disabling this and display an
> > empty json or remove at least the version.
> > Note that I have haproxy in front of couchdb.
> > Thank you very much.
> >
> > Arcadius
> >
> > {
> >
> >   - "couchdb": "Welcome",
> >   - "version": "3.2.2",
> >   - "git_sha": "d5b746b7c",
> >   - "uuid": "ce35097f091bda955f1a7b46adddaaca",
> >   - "features": [...],
> >   - "vendor": {
> >      - "name": "The Apache Software Foundation"
> >   }
> >
> > }
>
>

Re: Disabling CouchDB server signature

[Robert Newson <rn...@apache.org>]

Hi,

The easiest approach would be to have haproxy send something else instead, but note that some tools might break if they can't retrieve the welcome message. I've confirmed that the replicator would not be affected. We welcome reports of your success and/or issues you face by removing this.

Something like this in the haproxy frontend;

 http-request return status 200 content-type application/json string "{}" if { path eq / }

B.

> On 20 Jul 2022, at 06:40, Arcadius Ahouansou <ar...@menelic.com> wrote:
> 
> Hello.
> By default, CouchDB exposes its current version to the worlds i.e
> going to curl http://MYHOST:MYPORT/
> I get the pretty json response below.
> 
> Please what is the recommended way of disabling this and display an
> empty json or remove at least the version.
> Note that I have haproxy in front of couchdb.
> Thank you very much.
> 
> Arcadius
> 
> {
> 
>   - "couchdb": "Welcome",
>   - "version": "3.2.2",
>   - "git_sha": "d5b746b7c",
>   - "uuid": "ce35097f091bda955f1a7b46adddaaca",
>   - "features": [...],
>   - "vendor": {
>      - "name": "The Apache Software Foundation"
>   }
> 
> }