ServerTokens not working

[anigma]

Howdy,

Last night I did a fresh Apache 2.2 install on my FreeBSD 9.0 server. I have no errors or messages in /var/log/httpd-error.log, and still I can't get ServerTokens to work. Yes, I did uncomment the

Include httpd-default.conf

line in httpd.conf, and yes, I did restart apache afterwards. Am I missing something here? I'm trying to set the ServerTokens to OS.

 

[anomie]

I'm presuming you installed from Ports. The apache-2.2 package - by default - also puts the ServerTokens directive in /usr/local/etc/apache22/httpd.conf, so that is where you want to change it.

To see everywhere the directive is used:
# cd /usr/local/etc/apache22 && grep -Ri 'servertokens' httpd.conf Includes extra

To avoid confusion, comment out redundant entries. After you're done editing, run a syntactical check, a la:
# apachectl -t

And then restart Apache again. If it's still not working, make sure your client web browser isn't doing something to interfere (like caching).

 

[anigma]

Yes, I did install it from ports. Really? I've only seen it be "included" in /usr/local/etc/apache22/httpd.conf.
Also, I did a recursive grep and as expected I got:

# grep -Ri 'servertokens' httpd.conf Includes extra

extra/httpd-default.conf:# ServerTokens
extra/httpd-default.conf:ServerTokens OS

Nothing seems to be wrong with:

# apachectl configtest

Syntax OK

Perhaps you could make your way to http://www.evilbsd.no/ and see if it works? I actually thought it might have something to do with my browser's cache, so I fired up firefox and got the same results.

It's weird, right?

 

[anomie]

What is it you were expecting a visitor to see?

See attached images for the DocumentRoot page, and an HTTP 404 that I forced.

 

[anigma]

I'm expecting a visitor and myself to see this: http://www.mistric.no/foo -- should say "FreeBSD" instead of "Debian" of course.

 

[Abriel]

Should be in /usr/local/etc/apache22/httpd.conf

Include etc/apache22/extra/httpd-default.conf

And in /usr/local/etc/apache22/extra/httpd-default.conf
You have:

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.

ServerTokens Full

 

[anigma]

Heh, yes, that is exactly what it looks like. And still it doesn't seem to work. Is this some kind of bug?

 

[DutchDaemon]

What http://www.evilbsd.no/ shows now is exactly what

ServerTokens OS

should convey:

Server: Apache/2.2.21 (FreeBSD)

To run down the categories (on one of my own servers):

• Full
  

  Server: Apache/2.2.22 (FreeBSD) mod_scgi/1.12 PHP/5.4.4 mod_ssl/2.2.22 OpenSSL/1.0.1c

• OS
  

  Server: Apache/2.2.22 (FreeBSD)

• Minor
  

  Server: Apache/2.2

• Minimal
  

  Server: Apache/2.2.22

• Major
  

  Server: Apache/2

• Prod
  

  Server: Apache

 

[anigma]

OMG! I forgot to set ServerSignature to On. I feel stupid now!