How to remove/change the X-Powered-By header for all websites hosted in Plesk

Follow

Comments

10 comments

  • Avatar
    Daniel Santer (Edited )

    "Removing the X-Powered-By header"

    This method does not work for me. I still recieve the X-Powered-By header...

     

    Eather it's a painful work if you have a lot of domains. You should implement a toggle to hide this header same with php x-powered-by header, for security reasons, or just keep them away...

    2
    Comment actions Permalink
  • Avatar
    Anzhelika Khapaknysh

    @Daniel Thanks for the feedback!
    I've checked instructions on the test server and it works for me. Please provide more details. Have you reconfigured domains as per step 7?

    0
    Comment actions Permalink
  • Avatar
    Unknown User

    If i have my custom templates, e.g. /usr/local/psa/admin/conf/templates/default/server.php

    Will I have problems with future Plesk updates?

    Or could it be that I will not benefit from further improvements?

     

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Tobias,

    Having a custom template is not an obstacle for future updates.

    In case you will have any issue, feel free to contact Plesk Technical Support.

    0
    Comment actions Permalink
  • Avatar
    Josef Glatz (Edited )

    Thanks for that article! Works as described in Onyx 17.8.11 on Ubuntu

     

    Beside that: It would be very very nice if Plesk can include a toggle in the website config GUI to disable such headers also when nginx works as proxy in front of apache

    1
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    @Josef Glatz,

    Hello! Thank you for the feedback.

    You may share your idea on a special resource: https://plesk.uservoice.com/forums/184549-feature-suggestions

    0
    Comment actions Permalink
  • Avatar
    Christian Heutger

    Are you sure, that your guide above is correct? Why should I remove

    <?php foreach ((array)$VAR->domain->physicalHosting->headers as list($name, $value)): ?>
    add_header <?=$VAR->quote([$name, $value])?>;
    <?php endforeach ?>

    and not only the line

    add_header X-Powered-By PleskLin;

    in /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php?

    It looks like the lines above set all other headers chosen in the GUI and last one just set the X-Powerd-By header? So if removing all 4 lines, no own set headers will be written as well?

    0
    Comment actions Permalink
  • Avatar
    Nikita Nikushkin

    Hello @Christian Heutger,

    Thank you for the feedback!

    The article was reworked

    0
    Comment actions Permalink
  • Avatar
    Patrick Jansen

    I followed the whole procedure, including " /usr/local/psa/admin/sbin/httpdmng --reconfigure-all " (twice) and still see "X-Powered-By".   Diagnose & Repair says 

    WARNING Checking for custom configuration templates Some custom configuration templates have been found. The custom templates have higher priority than default templates in case of configs generation Please check documentation for details: https://docs.plesk.com/current/redirect.html?book=advanced-administration-guide-linux&page=68693.htm

    Restarted everything, but nope :-(. 

    Any help?  A security officier from customer wants us to remove it. 

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Patrick Jansen

    This warning is expected because a custom template is created in the proposed steps.

    The most probable cause is that templates were sent incorrectly. Make sure that all 3 rows were removed in all 3 files as per the instruction.

     

    In case this still won't work for you, consider submitting a support request.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request