Aconiac Security Group Blog » Linux http://blog.aconiac.com The official Aconiac company blog Wed, 19 May 2010 16:12:05 +0000 en hourly 1 http://wordpress.org/?v=abc Removing X-Powered-By header for mod_rails http://blog.aconiac.com/2009/03/03/removing-x-powered-by-header-for-mod_rails/ http://blog.aconiac.com/2009/03/03/removing-x-powered-by-header-for-mod_rails/#comments Tue, 03 Mar 2009 21:47:09 +0000 Michael Lind Mortensen http://blog.aconiac.com/?p=61 NOTE: This is a technical post regarding Apache on Linux with support for Ruby on Rails. Basic understanding of these concepts is necessary!

Normally you want to make sure your server doesn’t give out any information about service versions, however mod_rails doesn’t provide any easy way of doing this within the module itself. There is however a fairly easy solution. Simply use mod_headers to remove the headers in Apache.

So how is it done? Very simple, just enable the module mod_headers and add the snippet below to httpd.conf or another included configuration file in Apache. Both actions have to be done as root of course.

Enable the mod_headers module (This example is Linux Debian – it might be different for your system)

# cd /etc/apache2/mods-available/
# a2enmod headers

Add these lines to httpd.conf

Header always unset "X-Powered-By"
Header always unset "X-Runtime"

Restart the Apache server (Again – this is Debian! It might be different for you)

# apache2ctl restart

And there you go. Try making e.g. a Nikto scan on the server and see if the headers aren’t there any more.

]]> http://blog.aconiac.com/2009/03/03/removing-x-powered-by-header-for-mod_rails/feed/ 0