Resolved How to globally disable X-Powered-By:PleskLin

[Hayk]

How to disable these headers from globally or change value
Server:nginx
X-Powered-ByleskLin

 

[IgorG]

Look at this thread http://talk.plesk.com/threads/disable-http-header-x-powered-by-plesklin.260694/
And use Forum search next time before posting

 

[abdi]

Can this help:
http://stackoverflow.com/questions/246227/how-do-you-change-the-server-header-returned-by-nginx

 

[Hayk]

Look at this thread http://talk.plesk.com/threads/disable-http-header-x-powered-by-plesklin.260694/
And use Forum search next time before posting

Not available that option in that file.

 

[Nomadturk]

Check /usr/local/psa/admin/conf/templates/default/server.php
It is there.

 

[Hayk]

Check /usr/local/psa/admin/conf/templates/default/server.php
It is there.

Doesnt work

 

[Nomadturk]

Did you run

 /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Afterwards?

 

[Hayk]

Sure )

 

[Hayk]

Did you run

 /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Afterwards?

Sure

 

[Nomadturk]

Strange, that did do the trick on my server which I just confirmed before posting here.

Try restarting your Web servers, just in case they didn't reload the new config.

 

[Hayk]

Strange, that did do the trick on my server which I just confirmed before posting here.

Try restarting your Web servers, just in case they didn't reload the new config.

Even many times i have restarted

 

[Nomadturk]

Run

cat /usr/local/psa/admin/conf/templates/default/*.php | grep PleskLin

If the result is positive and you see an entry there's another such entry to be removed.

Run

nano /usr/local/psa/admin/conf/templates/default/*.php

Press ctrl + W to find PleskLin, and try searching it on every new page. You're sure to find it unless you didn't create a custom template with the same content.

When you do find it, delete it. Then re-run the update command from my previous post.

 

[UFHH01]

Hi Hayk,

the "correct" usage would be:

1. Create a folder called "custom" at "/usr/local/psa/admin/conf/templates/", so that you have a custom "custom" directory for your unique modifications ( => /usr/local/psa/admin/conf/templates/custom ).
2. Create a folder called "domain" at "/usr/local/psa/admin/conf/templates/custom/", so that you have a custom "domain" directory for your unique modifications ( => /usr/local/psa/admin/conf/templates/custom/domain ).
3. Copy the desired template(s) to the "custom" folder
   1. Command over the command line:

      cp /usr/local/psa/admin/conf/templates/default/server.php /usr/local/psa/admin/conf/templates/custom/server.php

   2. Command over the command line:

      cp /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php

4. Delete / edit or modify the part of .../custom/server.php :
   

   <IfModule mod_headers.c>
       Header add X-Powered-By PleskLin
   </IfModule>

5. Delete / edit or modify the part of .../custom/domain/nginxDomainVirtualHost.php :
   

   <?php if (!$VAR->domain->physicalHosting->proxySettings['nginxTransparentMode'] && !$VAR->domain->physicalHosting->proxySettings['nginxServeStatic']): ?>
       location /internal-nginx-static-location/ {
           alias <?php echo $OPT['documentRoot'] ?>/;
           add_header X-Powered-By PleskLin;
           internal;
       }

• Reconfigure your webserver with the command:

  /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

• Smile to the camera and say: Cheeeeeeeeese

In some rare cases, you have to restart apache and nginx manually, even that the reconfigure-command includes the restarts of the two services.

 

[Hayk]

Hi Hayk,

the "correct" usage would be:

1. Create a folder called "custom" at "/usr/local/psa/admin/conf/templates/", so that you have a custom "custom" directory for your unique modifications ( => /usr/local/psa/admin/conf/templates/custom ).
2. Create a folder called "domain" at "/usr/local/psa/admin/conf/templates/custom/", so that you have a custom "domain" directory for your unique modifications ( => /usr/local/psa/admin/conf/templates/custom/domain ).
3. Copy the desired template(s) to the "custom" folder
   1. Command over the command line:

      cp /usr/local/psa/admin/conf/templates/default/server.php /usr/local/psa/admin/conf/templates/custom/server.php

   2. Command over the command line:

      cp /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php

4. Delete / edit or modify the part of .../custom/server.php :
   

   <IfModule mod_headers.c>
       Header add X-Powered-By PleskLin
   </IfModule>

5. Delete / edit or modify the part of .../custom/domain/nginxDomainVirtualHost.php :
   

   <?php if (!$VAR->domain->physicalHosting->proxySettings['nginxTransparentMode'] && !$VAR->domain->physicalHosting->proxySettings['nginxServeStatic']): ?>
       location /internal-nginx-static-location/ {
           alias <?php echo $OPT['documentRoot'] ?>/;
           add_header X-Powered-By PleskLin;
           internal;
       }

• Reconfigure your webserver with the command:

  /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

• Smile to the camera and say: Cheeeeeeeeese

In some rare cases, you have to restart apache and nginx manually, even that the reconfigure-command includes the restarts of the two services.

Many Thanks, and second question how to change delete "Server:nginx"

 

[UFHH01]

Many Thanks, and second question how to change delete "Server:nginx"

This information is hardcoded in your nginx version. If you would like to remove this header information, you have to compile your very own specific nginx version from source and use the compiling module "headers more", which allows you to define more and specific header informations. I don't recommend at all to use such options, because it doesn't secure your server, it just shows some obscurity, which incites hackers and other strange people to do more investigations to possible vulnerabilities on your server. Please use Fail2Ban, firewall and ModSecurity ( Web Application Firewall called "WAF" ) and you will do fine!

 

[Patrick Dankerss]

Still works wonderful thanks for this!

 

[CoyoteKG]

I have one question, and just to avoid opening new thread.

We had penetration testing of our servers, and one of the points which we need to fix is to remove headers.

I did like UFHH01 described (I did not deleted all, just removed PleskLin word), but when I try to reconfigure all, I'm getting error
So in /usr/local/psa/admin/conf/templates/custom/server.php now is

<?php if (!$VAR->server->webserver->proxyActive): ?>
<IfModule mod_headers.c>
    Header add X-Powered-By
</IfModule>
<?php endif ?>

and in /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php

<?php endforeach ?>
    add_header X-Powered-By;

# /usr/local/psa/admin/sbin/httpdmng --reconfigure-all
Error occured while sending feedback. HTTP code returned: 502
Error occured while sending feedback. HTTP code returned: 502
Execution failed.
Command: httpdmng
Arguments: Array
(
    [0] => --reconfigure-domains
    [1] => bckpsrv.domain.com webmailer.domain.com
)

Details: [2017-09-13 09:31:48] ERR [util_exec] proc_close() failed ['/usr/local/psa/admin/bin/nginx-config' '-t'] with exit code [1]
Error occured while sending feedback. HTTP code returned: 502
[2017-09-13 09:31:48] ERR [panel] Apache config (15052879010.49762300) generation failed: Template_Exception: nginx: [emerg] invalid number of arguments in "add_header" directive in /etc/nginx/plesk.conf.d/ip_default/bckpsrv.domain.com.conf:64
nginx: configuration file /etc/nginx/nginx.conf test failed

file: /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0
Error occured while sending feedback. HTTP code returned: 502
nginx: [emerg] invalid number of arguments in "add_header" directive in /etc/nginx/plesk.conf.d/ip_default/bckpsrv.domain.com.conf:64
nginx: configuration file /etc/nginx/nginx.conf test failed

So, first question, Where I'm wrong?
2. I tried firstly on one unimportant server, but later will need to do that on server with important sites. So after reconfiguring all, if something went wrong, Can I just delete those newly created files, and reconfigure again to back everything like before?

3. How to hide php version from header?

Thx

 

[UFHH01]

Hi CoyoteKG,

if you experience the issue, that you are being informed with for example:

invalid number of arguments in "add_header" directive

... it is most likely the case, that you may solve such an issue, by RE-creating the depending (sub)domain - specific configuration file, AFTER you deleted the mentioned (sub)domain - related webserver configuration file.


Another reason might be, that you somehow doubled the code at your custom templates, so pls. check that with for example:

find /usr/local/psa/admin/conf/templates -type f -name "*.php" -exec grep --color -Hni "X-Powered-By" {} \;

Pls. note as well, that Plesk changed as well webserver configuration files by now, so the custom files should be now:

• /usr/local/psa/admin/conf/templates/custom/server.php
  
• /usr/local/psa/admin/conf/templates/custom/domain/nginxForwarding.php
  
• /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php

 

[CoyoteKG]

Hi UFHH01,
thx for answer.

OK, I found the problem.
My lack of knowledge of PHP was the problem.

I just deleted argument PleskLin and that caused errors.
Now I edited that in "Sever", and everything works perfect.

Thank you again.

Also, I copied nginxForwarding.php to domain/