Removing "Server" response header

I’m trying to remove the “Server” : “Apigee Router” header from the response.

I tried removing it using an Assign Message Policy in the Proxy Endpoints’ PreFlow but it didn’t do it.

Then tried the same in PostFlow and then in TargetEndPoints’ pre/post flow - still didn’t work.

Here’s the policy I have in place:

<AssignMessage async="false" continueOnError="false" enabled="true" name="removeServerHeader">
    <DisplayName>removeServerHeader</DisplayName>
    <AssignTo createNew="false" transport="http" type="response"/>
    <Properties/>
    <Remove>
        <Headers>
            <Header name="Server"/>
        </Headers>
    </Remove>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</AssignMessage>

@Anandakumar.Subramaniam, great question, thank you for highlighting this issue. Yes, I am able to reproduce the same.

It looks like the AssignMessage policy is removing the existing header from the target server, but after the flows it looks like the router is adding this header again before sending the response back to the client.

@arghya das Any idea?

I meant to post this as a Question.

I’m not able to remove the “Server” header entirely. The closest I’ve gotten is setting the value to something non-empty using the <Set> element, viz.

    <Set>
        <Headers>
            <Header name="Server">N/A</Header>
        </Headers>
    </Set> 

So if anyone is aware of a way to remove the “Server” header from the response entirely, I would appreciate it if you shared it.

Thanks!

That header gets added by the Apigee router, which is in front of the Message processors; you cannot delete it using the policies @Anandakumar.Subramaniam

Hi @Maruti Chand,

So what is the other option to remove ‘Server’ header from the response?

Regards,

Tomasz

@Maruti Chand - We would like to achieve this as well. I think any pen testing will raise it as a concern.

Hi @jaskarangump, it can be removed at the router; please raise a support ticket for the same.

Hi @jaskarangump ,

If you have on-premise installation, you need to set the following:

load.balancing.driver.nginx.var.server.name.val to NULL

on router machine.

Please let me know if that helps.

BR, Tomasz

Getting back to this, I ended up using an assign-message policy to assign a non-empty value (viz. “.”) to the ‘server’ header.

I believe the property name now on the router.properties file is:

conf_load_balancing_load.balancing.driver.nginx.var.server.name.val='Desired String'

If a null value is what you want:
conf_load_balancing_load.balancing.driver.nginx.var.server.name.val=

Hope this helps!

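A check for the outcomes discussed in this thread, added here as an example and not posted by any participant or taken from Apigee: it classifies the `Server` header of a raw response as absent (the router property set to null), a placeholder (the `<Set>` workaround with `N/A` or `.`), or still disclosing a product name. The sample responses, function names and category labels are constructed for illustration.

```python
"""Classify the Server header in raw HTTP responses (added example)."""

# Stand-in values used in the thread when the header could not be removed.
PLACEHOLDERS = {"n/a", "."}


def server_headers(raw_response: str) -> list[str]:
    """Return every Server header value from the header block, in order."""
    # Only the part before the first blank line is headers; ignore the body.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # names are case-insensitive
            values.append(value.strip())
    return values


def classify(raw_response: str) -> str:
    """Return 'absent', 'empty', 'placeholder' or 'discloses'."""
    values = server_headers(raw_response)
    if not values:
        return "absent"
    # A response can carry the header more than once; one real value is enough.
    if any(v and v.lower() not in PLACEHOLDERS for v in values):
        return "discloses"
    if all(v == "" for v in values):
        return "empty"
    return "placeholder"


# Constructed sample responses, one per situation described in the thread.
SAMPLES = {
    "default": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
               "Server: Apigee Router\r\n\r\n{}",
    "set_policy": "HTTP/1.1 200 OK\r\nserver: N/A\r\nContent-Length: 2\r\n\r\n{}",
    "router_null": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                   "Server: text in body\n",
    "empty_value": "HTTP/1.1 200 OK\r\nServer:\r\n\r\n",
    "duplicate": "HTTP/1.1 200 OK\r\nServer: .\r\nServer: Apigee Router\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} {classify(raw):12} {server_headers(raw)}")
```

Feed it the header block captured from a response after each change to confirm which of the states the deployment is actually in.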