Apache servers will not reporting version anymore

In order to make it more difficult to know which httpd server is running, here is a change to reduce the ServerTokens OS to ServerTokens Prod and the ServerSignature On to ServerSignature Off. This removes ServerName and version report on page footer and reduces the detail of the httpd server running in the headers to "Apache". These options can be overwritten by an user variable Change-Id: I1aaffaa3b6b7d6574aefac65b6027e62240a702b Closes-Bug: #1484256
2015-08-19 14:19:32 +02:00 · 2015-08-19 14:19:32 +02:00 · e983c15d67
commit e983c15d67
parent 5bd7a5540c
2 changed files with 20 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -49,6 +49,8 @@ horizon_lib_dir: /usr/local/lib/python2.7/dist-packages
 horizon_endpoint_type: internalURL

 horizon_server_name: "horizon"
+horizon_apache_servertokens: "Prod"
+horizon_apache_serversignature: "Off"
 horizon_log_level: info
 horizon_dropdown_max_items: 30
 horizon_time_zone: UTC
--- a/tasks/horizon_apache.yml
+++ b/tasks/horizon_apache.yml
@ -63,3 +63,21 @@
  notify: Restart apache2
  tags:
    - horizon-apache-config
+
+- name: Ensure Apache ServerTokens
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerTokens'
+    line: "ServerTokens {{ horizon_apache_servertokens }}"
+  notify: Restart apache2
+  tags:
+    - horizon-apache-config
+
+- name: Ensure Apache ServerSignature
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerSignature'
+    line: "ServerSignature {{ horizon_apache_serversignature }}"
+  notify: Restart apache2
+  tags:
+    - horizon-apache-config