Layer7 API Management

How to remove Apache headers i.e Server : Apache-Coyote/1.1

  • 1.  How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 21, 2016 10:42 PM

    Hi All,

    Hope all are doing good.

    I need quick help: one of the clients is receiving the Apache security header, i.e. "Server : Apache-Coyote/1.1", with the response while invoking a web service through Layer7, but the actual web service is not sending the above header; only Layer7 is adding this security header to the response.

    Can you please let me know how to handle this and remove it from the response?

     

    Thanks in advance.

     

    --UDAY



  • 2.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Broadcom Employee
    Posted Mar 21, 2016 11:17 PM

    Hi UDAY,

     

    You can change the Routing Properties to send the Response to a Context Variable and then, using this Context Variable, extract the mainpart and return the information without headers, like this.

     

    [Three screenshots attached to the original post]

     

    Best Regards,

    Diego Martins



  • 3.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 22, 2016 12:31 AM

    Hi Diego Martins,

    Thanks a lot for the quick reply. The security header is not coming from the backend service; it's the Layer7 gateway adding headers to the backend response.

    If we invoke the backend web service URL directly (without Layer7), we are not getting any headers from the backend server.

     

    --UDAY

     



  • 4.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Broadcom Employee
    Posted Mar 21, 2016 11:29 PM

    Another option, in case you don't want to remove all the headers but just that particular one, is to either configure the HTTP Router Headers to pass only what you want (in case you just want to pass a few headers) or save the ${response.http.alheadersvalues} using a Split Variable Assertion and strip out this specific header.



  • 5.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Broadcom Employee
    Posted Mar 21, 2016 11:36 PM

    There is a Manage Transport Properties/Headers assertion that can add/replace/remove headers on the target message.



  • 6.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 22, 2016 12:34 AM

    The security header is not coming from the back-end service. The back-end service responds without any headers, but Layer7 is adding the above headers.



  • 7.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Broadcom Employee
    Posted Mar 22, 2016 12:53 AM

    Hi Uday.

     

    Whether the headers are coming from the backend or not doesn't matter, as long as you handle the response leaving the gateway and going to the client calling/consuming the API. As far as I understood, this is the response you want to strip the headers off, isn't it?

    You can deal with the responses and all its HTTP stuff, in your case, the headers. There are several options to strip this 'Server' thing from the response headers coming off the gateway. As per Mark_HE's recommendation, check this out: Manage Transport Properties/Headers Assertion - CA API Gateway - 9.0 - CA Technologies Documentation. You may use it to strip the desired headers off the response that's LEAVING the gateway (usually the last HTTP Route or return template assertion).

     

    I hope it helps.



  • 8.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 22, 2016 11:47 AM

    Hi udareddy,

     

    Another option will be to set the header value as empty before routing, using the Add Header assertion. Header name: Server; value: leave as blank, and then check Replace existing values.

     

    Regards,

    Anand



  • 9.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1
    Best Answer

    Posted Mar 22, 2016 01:51 PM

    You can set a new value for header 'server', but cannot suppress it completely. You can have a fake value or leave it blank, but the "server" header will be there.

    NOTE: Ensure that the property name "server" is written in all lower case!

     



  • 10.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 22, 2016 06:58 PM

    Samuel has the correct answer in terms of doing it from a server perspective on the API Gateway. The header comes from Apache Tomcat which is used by the API Gateway for various types of connections.

     

    As an FYI, we actually have a KB article on this very topic already laid out with instructions, located here for your reference. The caveat is you must be signed in to the Layer 7 Support Portal for that to be readable.

     

    Sincerely,

     

    Dustin Dauncey

    Support Engineer, Global Customer Success

    Email: API-Support@ca.com

    Phone: +1 800 225 5224

    Outside of North America - ca.com/us/worldwide.aspx

    CA API Management Community: ca.com/talkapi



  • 11.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 24, 2016 04:30 AM

    Hi Samuel/Dustin Dauncey,

    Thanks for your quick workaround.

    After implementing the above workaround, we are still receiving the Apache security header. Please find the same in the screens below.

    Please help me out to resolve this.

     



       
     
     




  • 12.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 24, 2016 01:46 PM

    What if you enter space in the 'value' field?

    For me it removed the 'Server' header completely. Just tested it on SSGv9.0 and 8.3.

    What version do you use?



  • 13.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 24, 2016 10:25 PM

    It's working as we expected with a space. Thanks a lot, Samuel, for your help.

    This is the permanent solution for the Apache header issue. Yes, we can close this discussion here.

     

    Thanks a lot to all.

     

    --UDAY



  • 14.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 30, 2016 02:53 PM

    I've issued a feature request in our internal channels to provide a documented method to remove the 'Server' header.

    Our internal reference for that is SSG-13266, if you wish to follow up in the future.

    — Sam.




  • 15.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Broadcom Employee
    Posted Mar 30, 2016 01:54 AM

    I tested the following -- leave the value field empty.

    1.

     

    2.

     

     

    Both remove the Server header in response.

     



  • 16.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 30, 2016 02:26 AM

    Hi Zhijun He,

    Thanks, it seems nice, but in which version did you test? In version 8.1.0 we don't have this assertion.

    --Uday



  • 17.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 30, 2016 12:46 PM

    Hi udareddy,

     

    There is an Add Header assertion in 8.1.0.



  • 18.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Feb 19, 2019 01:34 PM

    Hi Zhijun He, adding a space to the Server header or keeping it empty is not working for CA-API gateway/9.0.



  • 19.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Broadcom Employee
    Posted Mar 01, 2019 07:56 AM

    I had the same issue; it works if you write server with small characters.



  • 20.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 11, 2019 10:18 AM

     

     

    Hi Zhijun He

    Are you saying that in the above properties box the Header name should be server instead of Server, and the Header value can be either empty or contain a space?

    It didn't work for me.

     

    Regards,

    Pramod Talekar



  • 21.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 11, 2019 10:39 AM

    I have kept the Transport properties assertion in the global policy fragment with Policy tab message completed.

    Adding it only changes key name from Server to server but actual value remains the same.



  • 22.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Broadcom Employee
    Posted Mar 11, 2019 05:36 PM

    One question, from your policy, did you check the option "Send Response Immediately" on return template response assertion?

    Please ensure the "Send Response Immediately" option is unchecked.



  • 23.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 12, 2019 06:57 AM

    Send Response immediately is not checked.



  • 24.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 12, 2019 07:18 AM

    I have the below policy.

    Despite all the combinations I have, the response headers contain Name:abc and Server : ${CA server details}.



  • 25.  Re: How to remove Apache headers i.e Server : Apache-Coyote/1.1

    Posted Mar 12, 2019 02:05 PM

    I finally had to change the properties in the Listen port mentioned above to get the desired result.
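
The posts above report four different outcomes for the same change: header removed, header left blank, header unchanged, and header name changed to lower case with the value intact. The following check is an added example, not part of any post in this thread and not Broadcom code; it classifies a raw HTTP response accordingly, matching the header name case-insensitively. The sample responses are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample responses (not captured from a real gateway); each
# mirrors an outcome reported in the thread.
SAMPLES = {
    "default": b"HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\n"
               b"Content-Type: text/xml\r\n\r\n<ok/>",
    "renamed_only": b"HTTP/1.1 200 OK\r\nserver: Apache-Coyote/1.1\r\n"
                    b"Content-Length: 5\r\n\r\n<ok/>",
    "blank": b"HTTP/1.1 200 OK\r\nServer: \r\nContent-Length: 5\r\n\r\n<ok/>",
    "removed": b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\n<ok/>",
}

# A product/version token such as "Apache-Coyote/1.1".
PRODUCT_VERSION = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")


def server_header_values(raw):
    """Return every Server header value; names are matched case-insensitively."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            values.append(value.strip())
    return values


def classify(raw):
    """Return absent, blank, discloses-version or present-generic."""
    values = server_header_values(raw)
    if not values:
        return "absent"
    if any(PRODUCT_VERSION.search(v) for v in values):
        return "discloses-version"
    if all(v == "" for v in values):
        return "blank"
    return "present-generic"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:13} -> {classify(raw)}")
```

Run it against the response as the client sees it, since the thread shows the header is added by the gateway itself rather than by the back end.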