Disable Server Signature via HTACCESS?

#1
Currently all output contains this HTTP response header:
Server: LiteSpeed

For users in a shared environment who don't have access to the server config file, Apache has a cool directive called ServerSignature off to disable the output of the Server header in all output requests to improve security.

Does LiteSpeed have something similar?
 
#3
I have the same question as the original poster, but the link that was given does not seem to help. I need to know how to do this via .htaccess since I am on a shared server with no access to any WebAdmin area like in the link above. Thanks!

PS - Same question for the "ServerTokens Prod" setting please
 

lucasrolff

Member
Staff member
#4
You should be able to use Header unset Server in your .htaccess file:

Code:
$ curl -sI http://example.com/
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Link: <http://example.com/wp-json/>; rel="https://api.w.org/"
Etag: "4-1546974985;;;"
Date: Sun, 13 Jan 2019 20:30:05 GMT
Connection: Keep-Alive
You can also use Header set Server "A lightning fast web server" to set the server to any value you like:

Code:
$ curl -sI http://example.com/
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Link: <http://example.com/wp-json/>; rel="https://api.w.org/"
Etag: "4-1546974985;;;"
Date: Sun, 13 Jan 2019 20:32:03 GMT
Server: A lightning fast web server
Connection: Keep-Alive
 
#5
So do I simply add "Header unset Server" to htaccess and that is all? I tried that and it is not having any effect. I also tried your other code "Header set Server "A lightning fast web server" with no success. I still get the grey bar across the bottom with the following text in it:

Proudly powered by LiteSpeed Web Server
Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.

Any further suggestions?
 

lucasrolff

Member
Staff member
#6
So do I simply add "Header unset Server" to htaccess and that is all? I tried that and it is not having any effect. I also tried your other code "Header set Server "A lightning fast web server" with no success. I still get the grey bar across the bottom with the following text in it:

Proudly powered by LiteSpeed Web Server
Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.

Any further suggestions?
Ahh - so, the original poster was asking to remove the HTTP Response header, and the above supplied code will do just that.

The "Proudly powered by LiteSpeed Web Server" comes from error pages, such as 404 and 503 status codes.

If you simply want to remove the grey bar, you can in your .htaccess file add following:

Code:
ErrorDocument 404 /404.html
And then create the file 404.html in the root of your website, with the contents:

HTML:
<!DOCTYPE html>
<html style="height:100%">
<head><title> 404 Not Found</title></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; ">
  <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
    <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
    <h2 style="margin-top:20px;font-size: 30px;">Not Found</h2>
    <p>The resource requested could not be found on this server!</p>
  </div>
</div>
</body>
</html>
The above code, is based on the original 404-page from LiteSpeed, but simply with the grey bar removed.
 
Top