Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Web & Splunkd HTTP Server response header

deyeo
Path Finder
‎04-01-2011 05:22 AM
  1. How do i remove the Splunk web http server response header?

Server: CherryPy/3.1.2

  1. How do i remove the Splunk daemon http server response header?

Server: Splunkd

  1. Any operational issues if the 2 response header are removed?
Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎04-03-2011 05:59 PM

I imagine you trying to remove these to satisfy some security / obfuscation requirement.

As far as the Splunkweb CherryPy header goes, that should be in the CherryPy python code somewhere. This is obviously editable by you in your own installation. However, you'll need to be incredibly careful to not break anything -- and this would be overwritten on upgrades.

For the Splunkd header itself, this is compiled into splunkd. I guess you could patch the binary with a hex editor, replacing the "Splunkd" characters with NULLs. This would be EXTREMELY RISKY and not at all recommended.

If this is important to you, I would recommend submitting and Enhancement Request with the details behind why this is needed and exactly what enhancement you are looking for.

View solution in original post

Reply
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎04-03-2011 05:59 PM

I imagine you trying to remove these to satisfy some security / obfuscation requirement.

As far as the Splunkweb CherryPy header goes, that should be in the CherryPy python code somewhere. This is obviously editable by you in your own installation. However, you'll need to be incredibly careful to not break anything -- and this would be overwritten on upgrades.

For the Splunkd header itself, this is compiled into splunkd. I guess you could patch the binary with a hex editor, replacing the "Splunkd" characters with NULLs. This would be EXTREMELY RISKY and not at all recommended.

If this is important to you, I would recommend submitting and Enhancement Request with the details behind why this is needed and exactly what enhancement you are looking for.

Reply
Solved! Jump to solution

deyeo
Path Finder
‎04-07-2011 07:02 AM

removing or modifying the CherryPy header will affect the PDFserver ability to generate PDF. thus, you need to modify the PDFserver code at ../splunk/etc/apps/pdfserver/bin/pdfhandler.py

Comment out these 3 lines to not check for the existence of CherryPy header:

if 'CherryPy' not in response.get('server', ''):
logger.warn("Remote web server at %s doesn't appear to be running CherryPy" % version_url)
return False

0 Karma
Reply
Solved! Jump to solution

deyeo
Path Finder
‎04-05-2011 04:38 AM

the closet file that i can locate is: ..\splunk\lib\python2.6\site-packages\cherrypy_cprequest.py

is this the correct file?

0 Karma
Reply
Solved! Jump to solution

deyeo
Path Finder
‎04-04-2011 07:20 AM

which particular py file contains the Splunkweb CherryPy header ?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...