Getting Data In

Splunk Web & Splunkd HTTP Server response header

deyeo
Path Finder
  1. How do I remove the Splunk web HTTP server response header?

Server: CherryPy/3.1.2

  2. How do I remove the Splunk daemon HTTP server response header?

Server: Splunkd

  3. Are there any operational issues if the 2 response headers are removed?
1 Solution

dwaddle
SplunkTrust

I imagine you are trying to remove these to satisfy some security / obfuscation requirement.

As far as the Splunkweb CherryPy header goes, that should be in the CherryPy python code somewhere. This is obviously editable by you in your own installation. However, you'll need to be incredibly careful to not break anything -- and this would be overwritten on upgrades.

For the Splunkd header itself, this is compiled into splunkd. I guess you could patch the binary with a hex editor, replacing the "Splunkd" characters with NULLs. This would be EXTREMELY RISKY and not at all recommended.

If this is important to you, I would recommend submitting an Enhancement Request with the details behind why this is needed and exactly what enhancement you are looking for.

deyeo
Path Finder

Removing or modifying the CherryPy header will affect the PDFserver's ability to generate PDFs. Thus, you need to modify the PDFserver code at ../splunk/etc/apps/pdfserver/bin/pdfhandler.py

Comment out these 3 lines to not check for the existence of CherryPy header:

    if 'CherryPy' not in response.get('server', ''):
        logger.warn("Remote web server at %s doesn't appear to be running CherryPy" % version_url)
        return False

0 Karma
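
A check for the two banners discussed in this thread, added here as an example (not code from Splunk or from any poster): it parses a raw response head, reports what the Server header discloses, and evaluates the same 'CherryPy' condition that the pdfhandler.py lines quoted above test. The function name and the sample responses are constructed for illustration.

```python
import re
from email.parser import BytesParser

# Constructed sample responses (not captured from a real Splunk instance),
# using the two banners quoted in the question plus a stripped variant.
SAMPLES = {
    "splunkweb": b"HTTP/1.1 200 OK\r\nServer: CherryPy/3.1.2\r\n"
                 b"Content-Type: text/html\r\n\r\n",
    "splunkd": b"HTTP/1.1 200 OK\r\nserver: Splunkd\r\n"
               b"Content-Type: text/xml\r\n\r\n",
    "stripped": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

# product[/version] tokens as they appear in Server banners, e.g. "CherryPy/3.1.2"
TOKEN = re.compile(r"([A-Za-z0-9_.\-]+)(?:/([0-9][\w.\-]*))?")


def audit_server_header(raw_response):
    """Parse a raw HTTP response head and report what its Server header discloses."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    _status_line, _, header_block = head.partition(b"\r\n")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    # Header names are case-insensitive; a response may carry more than one.
    banner = ", ".join(headers.get_all("Server", []))
    products = [(m.group(1), m.group(2)) for m in TOKEN.finditer(banner)]
    return {
        "banner": banner or None,
        "products": [name for name, _ in products],
        # A version number in the banner is the part worth flagging in a review.
        "discloses_version": any(version for _, version in products),
        # Same condition as the pdfhandler.py check: it returns False (PDF
        # generation refused) when 'CherryPy' is absent from the Server header.
        "pdfhandler_check_passes": "CherryPy" in banner,
    }


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_server_header(raw))
```

Running it against the stripped sample shows the operational side effect described in the comment above: with no Server header, the pdfhandler condition no longer passes.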

deyeo
Path Finder

The closest file that I can locate is: ..\splunk\lib\python2.6\site-packages\cherrypy_cprequest.py

Is this the correct file?

0 Karma

deyeo
Path Finder

Which particular py file contains the Splunkweb CherryPy header?

0 Karma