stackoom
  简体   繁体   中英

How to hide / stop server version in HTTP/1.1 200 OK in rails [ nginx/1.0.6 + Phusion Passenger 3.0.9 ]

 原文  2013-01-25 06:12:54       ruby-on-rails/ ruby-on-rails-3/ nginx/ passenger

Question

Hi in my rails application I am using nginx/1.0.6 , Phusion Passenger to host my rails application. But for the security issue I want to stop the display of headers on public network. Now when I run the following curl command. `

curl -I http://domain.name

it give me the following trace: 

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.9
ETag: "b7da2b7b2fa6349"
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 1.193656
Set-Cookie: demand_session=BAh7ByIQX2NzcmZfdG9rZW4iMUVMREdHRDJGcHhnVzhWNTNsRGhGSWRyNmRQbWZZSnpyZGcwbFYx3D%3D--eb470df0951aac0e6612861ef30ed7a699d073a0; path=/; HttpOnly
Cache-Control: max-age=0, private, must-revalidate
Server: nginx/1.0.6 + Phusion Passenger 3.0.9 (mod_rails/mod_rack)

But I want to hide these headers: Server,Set-Cookie,X-Powered-By,X-UA-Compatible,ETag,Cache-ControlCache-Control to be display.

2 answers

solution1
 3 ACCPTED  2013-01-25 07:01:25

If you are using proxy you can use and configure directive proxy_hide_header from proxy module by that: 

proxy_hide_header X-Powered-By;
proxy_hide_header X-UA-Compatible;
proxy_hide_header X-Runtime;
proxy_hide_header ETag;

# and so on...

But this directive allow you only to hide headers coming from proxy server. For response headers coming from main server not proxy you can use directive set and variable $sent_http_HEADER where HEADER means header name you would like to set. Here an example: 

set $sent_http_x_powered_by your_value;
set $sent_http_etag your_value;
set $sent_http_cache_control your_value;

# and so on...

But take in consideration two things: 1. Set directive works only in server , location and if blocks, 2. As you can read in comments to your question it's not realy good idea to hide or change some headers like Cache-Control because they aren't only information but have impact on browser and user clients work.

solution2
 2  2013-01-25 09:24:41

禁用passenger_show_version_in_header禁用server_tokens

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Phusion Passenger (w/ Nginx + Rails app) won't stop spawning How can I configure phusion passenger with nginx to support ssl in rails? nginx starting error with rails Phusion Passenger Updating Rails App with Phusion Passenger and Nginx Ubuntu server with RVM, Phusion Passenger, Apache and Nginx How to use Phusion Passenger Standalone as the default Rails server Phusion Passenger Rails server - how to access from outside? How to stop rails nginx-passenger application? How Phusion Passenger with Nginx process requests? How can I stop phusion passenger standalone?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM