Apache servers reporting version in response header
Bug #1484256 reported by
Steve Lewis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
Low
|
Jean-Philippe Evrard | ||
Kilo |
Fix Released
|
Low
|
Jesse Pretorius | ||
Trunk |
Fix Released
|
Low
|
Jean-Philippe Evrard |
Bug Description
One thing we may want to make sure we do is limit the container from revealing it's hostname: <address>
To hide the version the default should probably be to include the directive "ServerTokens Prod" in /etc/apache2/
Similarly the ServerName directive within the virtual host template should be configurable perhaps with a default of the service name instead of the current behavior which includes the full container name.
Currently limited to Horizon and Keystone.
description: | updated |
description: | updated |
description: | updated |
tags: | added: low-hanging-fruit |
tags: | removed: low-hanging-fruit |
To post a comment you must log in.
This affects both Horizon and Keystone.