Changing the server name Sun One Web Server reports

I am a big fan of the Sun One Web Server, although I dislike the fact that it provides the server software and version by default in the HTTP header:

$ telnet localhost 80

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 23 Feb 2007 22:41:21 GMT
Content-length: 179
Content-type: text/html
Last-modified: Tue, 20 Feb 2007 14:30:21 GMT
Accept-ranges: bytes
Connection: close

Connection closed by foreign host.

This gives out more information that I care to share, and provides remote attackers with an extra piece of information to determine the software stack that is in use. Luckily the value reported in the “Server” attribute can be changed by adding the “ServerString” directive to the magnus.conf. Here is a sample magnus.conf entry that sets the “Server” attribute to the string “Apache”:

ServerString Apache

Once this directive is set, the web server will return the string “Apache” instead of the string “Sun-ONE-Web-Server/6.1”:

$ telnet localhost 80

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Server: Apache
Date: Fri, 23 Feb 2007 22:43:58 GMT
Content-length: 179
Content-type: text/html
Last-modified: Tue, 20 Feb 2007 14:30:21 GMT
Accept-ranges: bytes
Connection: close

Connection closed by foreign host.

Tis all about not disclosing information if you don’t have to!