I'm trying to remove the "Server" : "Apigee Router" header from the response.
I tried removing it using an Assign Message Policy in the Proxy Endpoints' PreFlow but it didn't do it.
Then tried the same in PostFlow and then in TargetEndPoints' pre/post flow - still didn't work.
Here's the policy I have in place:
<AssignMessage async="false" continueOnError="false" enabled="true" name="removeServerHeader"> <DisplayName>removeServerHeader</DisplayName> <AssignTo createNew="false" transport="http" type="response"/> <Properties/> <Remove> <Headers> <Header name="Server"/> </Headers> </Remove> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> </AssignMessage>
Solved! Go to Solution.
That header gets added by the Apigee router which is in front of the Message processors, you cannot delete using the policies @Anandakumar.Subramaniam
@Anandakumar.Subramaniam , Great Question, Thank you for highlighting this issue. Yes, I can able to reproduce same.
Looks like AssignMessage policy is removing existing header from target server , but after the flows looks like router is adding this header again before sending back to the client.
@arghya das Any idea ?
I meant to post this as a Question.
I'm not able remove the "Server" header entirely. The closest I've gotten to is setting the value to something non-empty using the <Set /> element viz.
<Set> <Headers> <Header name="Server">N/A</Header> </Headers> </Set>
So if anyone is aware of a way to remove the "Server" header from response entirely, I would appreciate if you share it.
Thanks!
That header gets added by the Apigee router which is in front of the Message processors, you cannot delete using the policies @Anandakumar.Subramaniam
Hi @Maruti Chand,
So what is the other option to remove 'Server' header from the response?
Regards,
Tomasz
@Maruti Chand - We would like to achieve this as well. I think any pen testing will raise it as a concern.
Hi @jaskarangump, It can be removed at the router, pls raise a support ticket for the same.
getting back on this, I ended up using an assign-message policy to assign a non-empty value (viz. ".") to the 'server' header.
Hi @jaskarangump ,
If you have on-premise installation, you need to set the following:
load.balancing.driver.nginx.var.server.name.val to NULL
on router machine.
Please let me know if that helps.
BR, Tomasz
I believe the property name now on the router.properties file is:
conf_load_balancing_load.balancing.driver.nginx.var.server.name.val='Desired String'
If a null value is what you want:
conf_load_balancing_load.balancing.driver.nginx.var.server.name.val=
Hope this helps!
Thanks for contributing to the community!