Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Need to remove header response on server paramter that cq provides

Avatar

Level 4

Hi,

 
I need to remove the header response on server details  that cq would add on each response provided by server.
 
I thought of adding the required  code in global.jsp
 
if anyone thinks other wise please suggest
 
Thanks,
1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Are you using Dispatcher in front of your Publisher?

Can you use Apache 2 Header unset command to be sure it's always removed on * requests?

Header unset SERVER

Thanks,

Peter

View solution in original post

9 Replies

Avatar

Level 10

If you do not want an HTTP Header response -- you can write a custom Sling Servlet that can sets the HTTP Header Response. 

See: 

http://stackoverflow.com/questions/19552543/how-to-set-header-in-http-response

http://www.informit.com/articles/article.aspx?p=29817&seqNum=8

Avatar

Administrator

Hi

Apart from what Scott has mentioned, We can modify response directly from JSP.

LINK:- http://www.tutorialspoint.com/jsp/jsp_server_response.htm

 

Please share your use case for the same

 

Thanks and Regards

Kautuk Sahni 



Kautuk Sahni

Avatar

Level 4

I currently see that when cq provides any respose from server in header details the "SERVER" parmeter is coming up.It clears gives the  details on the server  we 
use which is not  pratice as hackers can manipulate.So want  to restrict it. So i see that any jsp we use we add global.jsp  else we need to find the jsp we need
to remove the header details.

So i am plannig to add the below code in global.jsp
<%=response.setHeader("SERVER", ""); %>


please let me know if have any other thoughts

Avatar

Correct answer by
Community Advisor

Are you using Dispatcher in front of your Publisher?

Can you use Apache 2 Header unset command to be sure it's always removed on * requests?

Header unset SERVER

Thanks,

Peter

Avatar

Level 4

Hi Peter,

you suggestion is really useful. We use dispatcher and also Apache and 

could you please provide more details as which Apache file and any sample sinpet which i could use for testing

 

Thanks

Avatar

Community Advisor

On linux: Put the rule in the httpd.conf within your <VirtualHost tag.

Thanks,

Peter

Avatar

Level 4

Hi Peter,

 

Thanks for the input.Did you see that in cq5 dispatcher  can do any change to make this happen??

 

The reason we have the Apache used by other applications also .Hence wanted suggestion if this can be done at dispatcher.any

 

Thanks

Avatar

Community Advisor

Hi Srinivas,

Yes, have added custom headers in the past and removed headers too.

Never tried to stick it into .any file. In pre-production environment add configuration to dispatcher.any, restart apache2 process.

See if it works the way you want.

Thanks,

Peter