Oct 30
Removing X-Powered-By header for mod_rails
I recently had a bit of a problem with a server running a Ruby on Rails application. I wanted to make sure the server didn’t give out any information about service versions; however, mod_rails didn’t give any easy way of doing this within the module itself. I therefore began searching for another way of doing this, and found that an easy solution was to make Apache remove the headers via the mod_headers module.
So how is it done? Very simple, just enable the module mod_headers and add the snippet below to httpd.conf or another included configuration file in Apache. Both actions have to be done as root of course.
Enable the mod_headers module (This example is Linux Debian - it might be different for your system)
# cd /etc/apache2/mods-available/
# a2enmod headers
Add these lines to httpd.conf
Header always unset "X-Powered-By"
Header always unset "X-Runtime"
Restart the Apache server (Again - this is Debian! It might be different for you)
# apache2ctl restart
And there you go. Try running e.g. a Nikto scan against the server and check that the headers aren’t there anymore.
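For a quick check without a full scan, here is an added example (not part of the original post): a shell function that reads raw response headers on stdin and reports whether X-Powered-By or X-Runtime still appear. The function names and the two sample responses, including their header values, are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the headers unset in httpd.conf are really gone.
# Header names are matched case-insensitively; HTTP lines end in CRLF.

BLOCKED_HEADERS="x-powered-by x-runtime"

# Reads response headers on stdin, prints each offending header line.
# Returns 0 when the response is clean, 1 when a blocked header is present.
leaky_headers() {
    awk -v blocked="$BLOCKED_HEADERS" '
        BEGIN { n = split(blocked, names, " "); found = 0 }
        { sub(/\r$/, "") }               # strip the CR of CRLF line endings
        /^$/ { next }                    # blank line ends a header block
        {
            colon = index($0, ":")
            if (colon == 0) next         # status line, not a header
            name = tolower(substr($0, 1, colon - 1))
            for (i = 1; i <= n; i++)
                if (name == names[i]) { print; found = 1 }
        }
        END { exit found }
    '
}

# Constructed sample: response before the mod_headers change.
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n'
    printf 'X-Powered-By: Phusion Passenger (mod_rails/mod_rack) x.y.z\r\n'
    printf 'X-Runtime: 12\r\nContent-Type: text/html\r\n\r\n'
}

# Constructed sample: response after the mod_headers change.
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}

for sample in sample_before sample_after; do
    if "$sample" | leaky_headers; then
        echo "$sample: clean"
    else
        echo "$sample: still leaking the headers listed above"
    fi
done
```

Against a live server, pipe in the real headers instead of the samples, for example `curl -sI http://your-server/ | leaky_headers` (the URL is a placeholder).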
