Skip to main content

PM77980: IBM HTTP SERVER SHOULD NOT ADD THE SERVER: HEADER BY DEFAULT


Fixes are available

8.5.0.2: WebSphere Application Server V8.5 Fix Pack 2
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • IBM HTTP Server V7 and later have an option to disable
generating the Server: HTTP response header, but suppressing
the header should be the default behavior per current security
guidelines.  Note that very little practically useful
information is included in the Server: header by default
("IBM_HTTP_Server" with no version or release info).

Local fix

  •  
    • 
  
 
  
Problem summary
 
  
     
   
  • ****************************************************************
* USERS AFFECTED:  Users of IBM HTTP Server (IHS) V7.0 and     *
*                  later that have not configured              *
*                  "AddServerHeader OFF".                      *
****************************************************************
* PROBLEM DESCRIPTION: IHS adds the "Server" header with a     *
*                      value of "IBM_HTTP_Server"  to all      *
*                      responses, unless "AddServerHeader OFF" *
*                      is configured.                          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
IHS 7.0 and later allows administrators to suppress the "Server"
HTTP response header, but it requires explicit configuration.
It
was determined that adding this info should instead be opt-in.

     
    • 
  
 
  
Problem conclusion
 
  
     
   
  • When no AddServerHeader directive is configured, IHS now
defaults to "AddServerHeader OFF" behavior.

This fix is targeted for IBM HTTP Server fixpacks:
 - 7.0.0.29
 - 8.0.0.6
 - 8.5.0.2

     
    • 
  
 
  
Temporary fix
 
  
     
   
  •  
    • 
  
 
  
Comments
 
  
     
   
  •  
    • 
  
 
  
APAR Information
 
  
 
   
     
    
  • APAR number
    PM77980
    •  
    
  • Reported component name
    IBM HTTP SERVER
    •  
    
  • Reported component ID
    5724J0801
    •  
    
  • Reported release
    700
    •  
    
  • Status
    CLOSED PER
    •  
    
  • PE
    NoPE
    •  
    
  • HIPER
    NoHIPER
    •  
    
  • Special Attention
    NoSpecatt
    •  
    
  • Submitted date
    2012-11-28
    •  
    
  • Closed date
    2012-12-03
    •  
    
  • Last modified date
    2013-03-01
    •  
   
 
  
 
  
     
   
  • APAR is sysrouted FROM one or more of the following:
     
    •  
   
  • APAR is sysrouted TO one or more of the following:
     
    •  
  
 
  
Fix information
 
  
     
   
  • Fixed component name
    IBM HTTP SERVER
    •  
   
  • Fixed component ID
    5724J0801
    •  
  
 
  
Applicable component levels
 
  
     
   
  • R700 PSY
       UP
    •  
   
  • R800 PSY
       UP
    •  
   
  • R850 PSY
       UP
    •  
  
 
 
 

 









Rate this page:



(0 users)Average rating 





















	
	
	
	
	









	



























Copyright and trademark information



	
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide.  Other product and service names might be trademarks of IBM or other companies.  A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.































Rate this page:






(0 users)Average rating









Add comments














Document information





	
IBM HTTP Server


	
Runtime


	




	
Software version:

	7.0

	





	
Reference #:

PM77980






Modified date:

2013-03-01








Translate my page














































 



Content navigation