# ServerTokens not working



## anigma (Jun 15, 2012)

Howdy,

Last night I did a fresh Apache 2.2 install on my FreeBSD 9.0 server. I have no errors or messages in /var/log/httpd-error.log, and still I can't get ServerTokens to work. Yes, I did uncomment the 
	
	



```
Include httpd-default.conf
```
 line in httpd.conf, and yes, I did restart apache afterwards. Am I missing something here? I'm trying to set the ServerTokens to OS.


----------



## anomie (Jun 16, 2012)

I'm presuming you installed from Ports. The apache-2.2 package - by default - also puts the ServerTokens directive in /usr/local/etc/apache22/httpd.conf, so that is where you want to change it. 

To see everywhere the directive is used: 
`# cd /usr/local/etc/apache22 && grep -Ri 'servertokens' httpd.conf Includes extra`

To avoid confusion, comment out redundant entries. After you're done editing, run a syntactical check, a la: 
`# apachectl -t`

And then restart Apache again. If it's _still_ not working, make sure your client web browser isn't doing something to interfere (like caching).


----------



## anigma (Jun 16, 2012)

Yes, I did install it from ports. Really? I've only seen it be "included" in /usr/local/etc/apache22/httpd.conf.
Also, I did a recursive grep and as expected I got:

`#  grep -Ri 'servertokens' httpd.conf Includes extra`

```
extra/httpd-default.conf:# ServerTokens
extra/httpd-default.conf:ServerTokens OS
```

Nothing seems to be wrong with:

`#  apachectl configtest`

```
Syntax OK
```

Perhaps you could make your way to http://www.evilbsd.no/ and see if it works? I actually thought it might have something to do with my browser's cache, so I fired up firefox and got the same results.

It's weird, right?


----------



## anomie (Jun 16, 2012)

What is it you were expecting a visitor to see? 

See attached images for the DocumentRoot page, and an HTTP 404 that I forced.


----------



## anigma (Jun 17, 2012)

I'm expecting a visitor and myself to see this: http://www.mistric.no/foo -- should say "FreeBSD" instead of "Debian" of course.


----------



## Abriel (Jun 17, 2012)

Should be in /usr/local/etc/apache22/httpd.conf

```
Include etc/apache22/extra/httpd-default.conf
```
And in /usr/local/etc/apache22/extra/httpd-default.conf
You have:

```
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.

ServerTokens Full
```


----------



## anigma (Jun 17, 2012)

Heh, yes, that is exactly what it looks like. And still it doesn't seem to work. Is this some kind of bug?


----------



## DutchDaemon (Jun 25, 2012)

What http://www.evilbsd.no/ shows now is exactly what 
	
	



```
ServerTokens OS
```
 should convey:


```
Server: Apache/2.2.21 (FreeBSD)
```

To run down the categories (on one of my own servers):

Full

```
Server: Apache/2.2.22 (FreeBSD) mod_scgi/1.12 PHP/5.4.4 mod_ssl/2.2.22 OpenSSL/1.0.1c
```

OS

```
Server: Apache/2.2.22 (FreeBSD)
```

Minor

```
Server: Apache/2.2
```

Minimal

```
Server: Apache/2.2.22
```

Major

```
Server: Apache/2
```

Prod

```
Server: Apache
```


----------



## anigma (Jun 25, 2012)

OMG! I forgot to set ServerSignature to On. I feel stupid now!


----------

