9 Nov 2017

Disabling the X-Powered-By header in Plesk

When you install Plesk (in my case Plesk Onyx 17.5.3 Update #21) on a Linux server, the default configuration adds a header (X-Powered-By) to the response for every HTTP or HTTPS request, whether you run Apache alone or Apache + Nginx.

What you gain by removing the header:
* you do not give potential attackers information about your site
* your site sends one line fewer in the headers on every request, so the bandwidth used is lower (not significantly, but it is a small gain)

In my case, adding a line of code to .htaccess to remove the X-Powered-By header did not work. Code:
<IfModule mod_headers.c>
 Header unset X-Powered-By
</IfModule>


So I made the following changes:

1. I created a custom template


mkdir -p /usr/local/psa/admin/conf/templates/custom/domain
cp /usr/local/psa/admin/conf/templates/default/server.php /usr/local/psa/admin/conf/templates/custom/
cp /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain/

2. I modified the custom template


nano /usr/local/psa/admin/conf/templates/custom/server.php
at line 70, I deleted
<?php if (!$VAR->server->webserver->proxyActive): ?>
<IfModule mod_headers.c>
 Header add X-Powered-By PleskLin
</IfModule>
<?php endif ?>


nano /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
at line 163, I deleted
add_header X-Powered-By PleskLin;

3. I regenerated the Plesk configuration


/usr/local/psa/admin/bin/httpdmng --reconfigure-all
Final note: although the tutorial on Oli's blog suggested restarting the Apache and nginx servers, in my case it worked without a restart.
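
To confirm the change took effect, the check below (an added example, not part of the original post) scans a template directory for directives that still emit the header and tests a response's headers for it. The function names, the sample responses and the example.com URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Read raw response headers on stdin and print every X-Powered-By line.
# Header names are case-insensitive and HTTP lines end in CRLF.
powered_by_headers() {
    tr -d '\r' | awk 'tolower($0) ~ /^x-powered-by[ \t]*:/'
}

# Return 0 when a response (headers on stdin) no longer carries the header.
# A value other than PleskLin comes from another source, e.g. PHP's expose_php.
header_removed() {
    [ -z "$(powered_by_headers)" ]
}

# Print template lines under directory $1 that still emit the header
# (Apache "Header add|set|append" or nginx "add_header").
# Returns 0 if none are left, 1 if some are, 2 if the directory is missing.
no_leftover_directives() {
    [ -d "$1" ] || return 2
    ! grep -rnEi '^[[:space:]]*(Header[[:space:]]+(add|set|append)|add_header)[[:space:]]+X-Powered-By' "$1"
}

# Fetch the live response headers for URL $1 (needs curl and network access).
fetch_headers() {
    curl -sS -o /dev/null -D - "$1"
}

# Constructed sample responses, before and after the change.
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Powered-By: PleskLin\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n'
}

sample_before | header_removed || echo "before: header still present"
sample_after  | header_removed && echo "after: header removed"
# On the server itself (hypothetical URL):
#   no_leftover_directives /usr/local/psa/admin/conf/templates/custom
#   fetch_headers https://example.com/ | header_removed
```
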


References: Oli's blog (in German)
