How can I remove the Server header in Payara Micro 172?

1.8k views Asked by At

I'd like to remove the server header from Payara Micro's output.

For example, it reports this:

HTTP/1.1 200 OK
Server: Payara Micro #badassfish

I'd like to get rid of that Server line.

I see that issue 32 provided the capability in theory to disable this. The associated pull request certainly seems to show that there is some sort of property being consulted to disable this. And I can infer from this that I could presumably go into the administration GUI if this were a full-fledged server and click a checkbox somewhere.

But I'm running Payara Micro which needs to be fully configured from the command line at startup.

What I'm lacking is a simple "put this on the command line"-type of instruction and I can't seem to locate that anywhere. Is there a setting in, say, glassfish-web.xml-as-modified-by-Payara I could use? Or a command line switch? Or a specific asadmin attribute I could set in a pre-boot script? Ideas?

1

There are 1 answers

5
Mike On BEST ANSWER

The change that you referenced linked to a pull request which added a boolean server-header property to the http-listener which would disable the header.

There is no native asadmin command to set this property, so you will need to use an asadmin set command with the correct dotted name for the listener you want to modify. To find out what this is, you can use the get command with a wildcard and grep for the value you want, as shown below with Payara Server:

➜  ~ /opt/payara/server/171.1/bin/asadmin get "*" | grep server-header  
configs.config.default-config.network-config.protocols.protocol.http-listener-2.http.server-header=true
configs.config.default-config.network-config.protocols.protocol.http-listener-1.http.server-header=true
configs.config.default-config.network-config.protocols.protocol.admin-listener.http.server-header=true
configs.config.server-config.network-config.protocols.protocol.admin-listener.http.server-header=true
configs.config.default-config.network-config.protocols.protocol.sec-admin-listener.http.server-header=true
configs.config.server-config.network-config.protocols.protocol.http-listener-1.http.server-header=true
configs.config.server-config.network-config.protocols.protocol.http-listener-2.http.server-header=true

Since the default-config is just a template and not used, we want the listeners from server-config. http-listener-1 is for HTTP by default and http-listener-2 is for HTTPS by default. To modify the server-header property in Payara Micro, you would need to create a file with the following command in (note that Payara Micro only has a single listener by default called http-listener):

set configs.config.server-config.network-config.protocols.protocol.http-listener.http.server-header=false

You can then apply these with a prebootcommandfile as follows:

java -jar /opt/payara/micro/173/payara-micro.jar --prebootcommandfile myCommands.txt

You may also wish to disable the xpowered-by property via the same method.