NOTE: This is a technical post regarding Apache on Linux with support for Ruby on Rails. Basic understanding of these concepts is necessary!
Normally you want to make sure your server doesn't give out any information about service versions. However, mod_rails doesn't provide an easy way of doing this within the module itself. There is a fairly easy solution, though: use mod_headers to remove the headers in Apache.
So how is it done? Very simple, just enable the module mod_headers and add the snippet below to httpd.conf or another included configuration file in Apache. Both actions have to be done as root of course.
Enable the mod_headers module (This example is Linux Debian – it might be different for your system)
# cd /etc/apache2/mods-available/
# a2enmod headers
Add these lines to httpd.conf
Header always unset "X-Powered-By"
Header always unset "X-Runtime"
Restart the Apache server (Again – this is Debian! It might be different for you)
# apache2ctl restart
And there you go. Try running a scan against the server, e.g. with Nikto, and check that the headers are no longer there.
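To confirm the change without a full scan, the script below is an added example (not part of the original post): it reads raw response headers and reports whether X-Powered-By or X-Runtime is still present. The function names, the sample responses and the localhost URL in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that the headers unset via mod_headers are really gone.
BANNED_HEADERS="x-powered-by x-runtime"

# Read raw HTTP response headers on stdin; print each banned header name still
# present (lowercased, once each). Prints nothing when the response is clean.
leaked_headers() {
    tr -d '\r' | awk -F: -v banned="$BANNED_HEADERS" '
        BEGIN { n = split(banned, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
        NF > 1 { name = tolower($1); if ((name in want) && !seen[name]++) print name }
    '
}

# Fetch only the response headers of a URL with curl and report leaks.
# Returns 0 when clean, 1 when a banned header is still sent.
# Usage on your own server (URL is an assumption): check_url http://localhost/
# Check a normal page and an error page (e.g. a 404) as well.
check_url() {
    url=$1
    found=$(curl -s -o /dev/null -D - "$url" | leaked_headers)
    if [ -n "$found" ]; then
        echo "LEAK $url: $(echo "$found" | tr '\n' ' ')"
        return 1
    fi
    echo "OK   $url"
}

# Constructed sample responses (not captured from a real server).
SAMPLE_BEFORE=$(printf 'HTTP/1.1 200 OK\r\nX-Powered-By: Phusion Passenger (mod_rails/mod_rack) x.y.z\r\nx-runtime: 0.012\r\nContent-Type: text/html\r\n\r\n')
SAMPLE_AFTER=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n')

# Offline demo on the constructed samples.
printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | leaked_headers | tr '\n' ' ')"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | leaked_headers | tr '\n' ' ')"
```

Header names are matched case-insensitively, so a backend that emits `x-runtime` in lowercase is still caught.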


