Apache servers will not reporting version anymore

In order to make it more difficult to know which httpd server is running, here is a change to reduce the ServerTokens OS to ServerTokens Prod and the ServerSignature On to ServerSignature Off. This removes ServerName and version report on page footer and reduces the detail of the httpd server running in the headers to "Apache". These options can be overwritten by an user variable Change-Id: I1aaffaa3b6b7d6574aefac65b6027e62240a702b Closes-Bug: #1484256
2015-08-19 14:19:32 +02:00 · 2015-08-19 14:19:32 +02:00 · 62cb64eff4
parent bfb378f19b
commit 62cb64eff4
2 changed files with 22 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -124,6 +124,8 @@ keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"

 ## Apache setup
 keystone_apache_log_level: info
+keystone_apache_servertokens: "Prod"
+keystone_apache_serversignature: "Off"
 keystone_wsgi_threads: "{{ ansible_processor_vcpus | default(2) // 2 }}"
 keystone_wsgi_processes: "{{ ansible_processor_vcpus | default(1) }}"

--- a/tasks/keystone_apache.yml
+++ b/tasks/keystone_apache.yml
@ -57,6 +57,26 @@
  tags:
    - keystone-httpd

+- name: Ensure Apache ServerTokens
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerTokens'
+    line: "ServerTokens {{ keystone_apache_servertokens }}"
+  notify:
+    - Restart Apache
+  tags:
+    - keystone-httpd
+
+- name: Ensure Apache ServerSignature
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerSignature'
+    line: "ServerSignature {{ keystone_apache_serversignature }}"
+  notify:
+    - Restart Apache
+  tags:
+    - keystone-httpd
+
 - name: Enable/disable mod_ssl for apache2
  apache2_module:
    name: ssl