Server Signature

[kanderson]

I'm running Litespeed Web Server Enterprise v4.0.3 and have the Server Signature set to Hide Full Header. After restarting, when viewing a directory listing, the signature still appears:

Proudly Served by LiteSpeed Web Server at 127.0.0.1 Port 80

Am I missing something? There should be nothing showing up, or is that what you guys consider hiding the signature?

 

[auser]

you can edit $SERVER_ROOT/share/autoindex/default.php to change it.

The "Server Signature" is used to configure the "Server" value in every http response header. Can check it through firebug:

Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
Date: Sat, 16 May 2009 06:00:30 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Set-Cookie: d8d08f562db03c623e1ff6b19c2b8e75=-; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 16 May 2009 06:00:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html

in this example, configure this line:
Server: LiteSpeed

 

[kanderson]

Ah, thank you very much, auser!

 

[kanderson]

Ok, well while editing that file allows you to remove the closing line, I noticed that upon visiting a 403 page (for example, trying to view the contents of the cgi-bin), you get a full server signature again, complete with a link back to LiteSpeed.

Powered By LiteSpeed Web Server
LiteSpeed Technologies is not responsible for administration and contents of this web site!

The setting in the admin web panel should really disable this globally and completely remove the server signature, similar to how Apache has options for ServerSignature (Off, On, Email) and ServerTokens (ProductOnly, Minimal, OS, Full).

Since I'm more familiar with Apache, I'm used to more of the options available for securing a server for PCI compliancy, mainly the server signature/tokens, trace/track options, and handling of ciphers (which I found out how to do I believe).

Just wish it was more convenient to do through the admin panel rather than editing a file everytime (that I imagine will be overwritten when upgraded), especially when there's hundreds of environments to go through and update this for.

 

[mistwang]

add your own 403 page.

 

[Lvc]

I'm really sorry for resurrecting this ancient thread, but the signature "Proudly Served by LiteSpeed Web Server at" after being customized ($SERVER_ROOT/share/autoindex/default.php) gets overwritten each time a LSWS update is completed. I'm using LSWS Enterprise 4.2.20, is it possible to make this a permanent change without it being overwritten each time or alternatively to disable it completely? If not, it should definitely be made possible.

 

[mistwang]

Please try changing server level "Auto Index URI"
http://www.litespeedtech.com/docs/webserver/config/general#autoIndexURI

to something like "/_autoindex/custom.php"
create "custom.php" under $SERVER_ROOT/share/autoindex/ .

 

[Lvc]

Please try changing server level "Auto Index URI"
http://www.litespeedtech.com/docs/webserver/config/general#autoIndexURI

to something like "/_autoindex/custom.php"
create "custom.php" under $SERVER_ROOT/share/autoindex/ .

Hi, I have made the changes like you suggested but it doesn't seem to be working. This is how config looks like now:

I have created the file 'custom.php', placed it under '/usr/local/lsws/share/autoindex/custom.php' and restarted LSWS. The server is running cPanel on CloudLinux.

 

[mistwang]

You need to update CageFS to make the file available in user's cage.