Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent Gunicorn from returning a 'Server' http header?

I would like to mask the version or remove the header altogether.

like image 866
user2253640 Avatar asked Apr 15 '13 08:04

user2253640


3 Answers

To change the 'Server:' http header, in your conf.py file:

 import gunicorn
 gunicorn.SERVER_SOFTWARE = 'Microsoft-IIS/6.0'

And use an invocation along the lines of gunicorn -c conf.py wsgi:app

To remove the header altogether, you can monkey-patch gunicorn by replacing its http response class with a subclass that filters out the header. This might be harmless, but is probably not recommended. Put the following in conf.py:

from gunicorn.http import wsgi

class Response(wsgi.Response):
    def default_headers(self, *args, **kwargs):
        headers = super(Response, self).default_headers(*args, **kwargs)
        return [h for h in headers if not h.startswith('Server:')]

wsgi.Response = Response

Tested with gunicorn 18

like image 117
Aryeh Leib Taurog Avatar answered Oct 21 '22 12:10

Aryeh Leib Taurog


For newer releases (20.0.4): Create a gunicorn.conf.py file with the content below in the directory from where you will run the gunicorn command:

import gunicorn
gunicorn.SERVER_SOFTWARE = 'My WebServer'
like image 32
vivekyad4v Avatar answered Oct 21 '22 12:10

vivekyad4v


This hasn't been clearly written here so I'm gonna confirm that the easiest way for the latest version of Gunicorn (20.1.x) is to add following lines into configuration file:

import gunicorn 
gunicorn.SERVER = 'undisclosed'
like image 6
PaszaVonPomiot Avatar answered Oct 21 '22 11:10

PaszaVonPomiot