Self-Solve Knowledge Search

Minimize Maximize
Remove the HTTP ‘Server’ response header
Title :
Remove the HTTP ‘Server’ response header
Document ID :
KM01250806
Product - Version:
quality center 12.00 11.52 12.20 ;
OS :
Updated :
Thu Nov 13 15:45:43 GMT 2014
Summary :
This document provides clarification on how to remove the HTTP ‘Server’ response header returned for all requests
ALM runs on the Jetty server container that allows it to serve http requests. By default, the container plants the http ‘Server’ header in each response. This header contains the name of the container (Jetty) as well as its exact version.
Solution

The 'Server' header is optional. Jetty can be reconfigured so that the header is not included in out server’s responses. This requires a simple change in jetty.xml configuration file.

  1. The file is located (in windows) under C:\ProgramData\HP\ALM\server\conf  (In Linux ProgramData == /var/opt/)

a.       In 12.20 the property appears under HttpConfiguration sections. For example:

     <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Set name="secureScheme">https</Set>
        <Set name="securePort"><Property name="jetty.secure.port" default="8443" /></Set>
        <Set name="outputBufferSize">32768</Set>
        <Set name="requestHeaderSize">8192</Set>
        <Set name="responseHeaderSize">8192</Set>
        <Set name="sendServerVersion">true</Set>
        <Set name="sendDateHeader">false</Set>
        <Set name="headerCacheSize">512</Set>


       <Call name="addCustomizer">
          <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
        </Call>

    </New>

b.       In 11.52 and 12.00, the property appears directly under the root Server configuration section. For example:

  <Configure id="Server" class="org.eclipse.jetty.server.Server">
    <Set name="stopAtShutdown">true</Set>
    <Set name="sendServerVersion">true</Set>
    <Set name="sendDateHeader">true</Set>
    <Set name="gracefulShutdown">1000</Set>
    <Set name="dumpAfterStart">false</Set>
    <Set name="dumpBeforeStop">false</Set>
  </Configure>

       2.     Add or modify the sendServerVersion property to false

       3.     Restart ALM service