Server Signature

Discussion in 'Install/Configuration' started by kanderson, May 15, 2009.

  1. kanderson

    kanderson New Member

    I'm running Litespeed Web Server Enterprise v4.0.3 and have the Server Signature set to Hide Full Header. After restarting, when viewing a directory listing, the signature still appears:

    Proudly Served by LiteSpeed Web Server at 127.0.0.1 Port 80

    Am I missing something? There should be nothing showing up, or is that what you guys consider hiding the signature?
     
  2. auser

    auser Super Moderator

    you can edit $SERVER_ROOT/share/autoindex/default.php to change it.

    The "Server Signature" is used to configure the "Server" value in every http response header. Can check it through firebug:

    in this example, configure this line:
    Server: LiteSpeed
     
  3. kanderson

    kanderson New Member

    Ah, thank you very much, auser!
     
  4. kanderson

    kanderson New Member

    Ok, well while editing that file allows you to remove the closing line, I noticed that upon visiting a 403 page (for example, trying to view the contents of the cgi-bin), you get a full server signature again, complete with a link back to LiteSpeed.

    The setting in the admin web panel should really disable this globally and completely remove the server signature, similar to how Apache has options for ServerSignature (Off, On, Email) and ServerTokens (ProductOnly, Minimal, OS, Full).

    Since I'm more familiar with Apache, I'm used to more of the options available for securing a server for PCI compliancy, mainly the server signature/tokens, trace/track options, and handling of ciphers (which I found out how to do I believe).

    Just wish it was more convenient to do through the admin panel rather than editing a file everytime (that I imagine will be overwritten when upgraded), especially when there's hundreds of environments to go through and update this for.
     
  5. mistwang

    mistwang LiteSpeed Staff

    add your own 403 page.
     
  6. Lvc

    Lvc New Member

    I'm really sorry for resurrecting this ancient thread, but the signature "Proudly Served by LiteSpeed Web Server at" after being customized ($SERVER_ROOT/share/autoindex/default.php) gets overwritten each time a LSWS update is completed. I'm using LSWS Enterprise 4.2.20, is it possible to make this a permanent change without it being overwritten each time or alternatively to disable it completely? If not, it should definitely be made possible.
     
  7. mistwang

    mistwang LiteSpeed Staff

  8. Lvc

    Lvc New Member

    Hi, I have made the changes like you suggested but it doesn't seem to be working. This is how config looks like now:
    [​IMG]
    I have created the file 'custom.php', placed it under '/usr/local/lsws/share/autoindex/custom.php' and restarted LSWS. The server is running cPanel on CloudLinux.
     
  9. mistwang

    mistwang LiteSpeed Staff

    You need to update CageFS to make the file available in user's cage.
     

Share This Page