[web2py] Re: Standard way of removing X-Powered-By: web2py http header?

2020-04-12 Thread Massimo Di Pierro
yes. This can be in the user's code:

response.headers['X-Powered-By'] = 'xping'

On Sunday, 12 April 2020 12:47:31 UTC-7, Alex Beskopilny wrote:
>
> cd web2py/gluon
> grep -r X-Powered-By
> ./globals.py:self.headers['X-Powered-By'] = 'xping'
>
>
> On Sunday, 12 April 2020 16:02:13 UTC+3, Yan Wong 
> wrote:
>>
>> I'm a bit disappointed that web2py by default sets `X-Powered-By: web2py` 
>> in the HTTP header, thus making it easier for web-scanning tools to detect 
>> the software running behind a web site, and allow more targeted attacks. 
>> Is there an easy config option to efficiently turn this off for all pages / 
>> json responses etc served by web2py? Also, are there other ways to obscure 
>> the fact that it is web2py / python running on a web server, and reduce 
>> information disclosure? For example, can anyone detect what python version 
>> I'm running by using web queries: I see that rocket server puts the python 
>> version in the `Server:` header, which seems bad to me, although my 
>> production machine simply returns `Server: nginx` which is a little better, 
>> I suppose. I suspect it will never be possible to obscure the software 
>> entirely, but anything that makes it harder for the script kiddies seems 
>> like an easy win to me.
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/8501f04d-8fc7-4d57-b728-d3da994d12a8%40googlegroups.com.
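As an added example (not code from web2py, and not what either poster wrote), the following shows the two things a practitioner would want around Massimo's suggestion: actually deleting the header from a `response.headers`-style dict rather than relabelling it, and a small check that parses a raw HTTP response head the way `curl -I` shows it and reports what a scanner would still learn. It assumes that web2py's `response.headers` is a plain dict filled with defaults before model and controller code runs, and that every model file runs on every request, so a call to `scrub_headers(response.headers)` placed in a model file would cover all pages and JSON responses of the app. The header list, the regex and the sample response are this example's own choices; the sample is constructed, not captured from a real host.

```python
# Added example (not code from web2py or from the posters in this thread).
# scrub_headers(): delete stack-identifying headers from a dict such as
#                  web2py's response.headers.
# find_disclosures(): parse a raw HTTP response head and report the
#                  fingerprinting headers and version tokens it carries.
#
# Assumptions (not stated in the thread): response.headers is a plain dict
# populated with defaults before model/controller code runs, and model files
# run on every request, so calling scrub_headers(response.headers) from a
# model file affects every response of the app.
import re

# Header names that advertise the stack. This list is the example's own
# choice, not a web2py or nginx setting.
FINGERPRINT_HEADERS = ("X-Powered-By", "Server", "X-AspNet-Version", "X-Generator")

# Matches a product/version token such as "Python/3.8.2" or "nginx/1.18.0".
_VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")


def scrub_headers(headers, server_value=None):
    """Delete fingerprinting headers from a response.headers-style dict.

    Names are matched case-insensitively because HTTP header names are, and
    because other code may have inserted 'x-powered-by'. Deleting the key is
    what removes the header from the response; assigning a new value (as in
    the reply above) only relabels it. If server_value is given, a generic
    'Server' header is written back, which only matters when the app is
    reached without a reverse proxy in front of it.
    Returns the names that were removed, in dict order.
    """
    targets = {h.lower() for h in FINGERPRINT_HEADERS}
    removed = [name for name in headers if name.lower() in targets]
    for name in removed:
        del headers[name]
    if server_value is not None:
        headers["Server"] = server_value
    return removed


def find_disclosures(raw_head):
    """Report stack-identifying headers found in a raw HTTP response head.

    raw_head is the text (or bytes) up to the blank line, as `curl -I` prints
    it. Returns {header_name: value} for each fingerprinting header present,
    plus a "versions" entry listing (product, version) tokens found in those
    values, e.g. [("Python", "3.8.2")].
    """
    if isinstance(raw_head, bytes):
        raw_head = raw_head.decode("latin-1")
    targets = {h.lower(): h for h in FINGERPRINT_HEADERS}
    found = {}
    for line in raw_head.splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        key = name.strip().lower()
        if key in targets:
            found[targets[key]] = value.strip()
    versions = [m.groups() for v in found.values() for m in _VERSION_TOKEN.finditer(v)]
    found["versions"] = versions
    return found


# Constructed sample of what the built-in Rocket server might send before
# hardening. Illustrative values only, not captured from a real host.
SAMPLE_HEAD_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Rocket 1.2.6 Python/3.8.2\r\n"
    "X-Powered-By: web2py\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
)


if __name__ == "__main__":
    print("before:", find_disclosures(SAMPLE_HEAD_BEFORE))
    # Simulate what web2py's response.headers would hold, then scrub it.
    headers = {"X-Powered-By": "web2py", "Content-Type": "text/html; charset=utf-8"}
    print("removed:", scrub_headers(headers))
    print("after:", headers)
```

Two caveats from the deployment side of Yan's question, stated as facts about nginx rather than anything this thread confirms about web2py: nginx passes upstream headers such as `X-Powered-By` through to the client unless told otherwise (`proxy_hide_header X-Powered-By;`), so the header has to be removed in the app or hidden at the proxy; and nginx drops the upstream `Server` header and emits its own, which `server_tokens off;` reduces to `Server: nginx`, the value Yan already sees. Running `find_disclosures` over the head returned by `curl -sI` against the production host is the quickest way to confirm both changes took effect.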


[web2py] Re: Standard way of removing X-Powered-By: web2py http header?

2020-04-12 Thread Alex Beskopilny
cd web2py/gluon
grep -r X-Powered-By
./globals.py:self.headers['X-Powered-By'] = 'xping'


On Sunday, 12 April 2020 16:02:13 UTC+3, Yan Wong 
wrote:
>
> I'm a bit disappointed that web2py by default sets `X-Powered-By: web2py` 
> in the HTTP header, thus making it easier for web-scanning tools to detect 
> the software running behind a web site, and allow more targeted attacks. 
> Is there an easy config option to efficiently turn this off for all pages / 
> json responses etc served by web2py? Also, are there other ways to obscure 
> the fact that it is web2py / python running on a web server, and reduce 
> information disclosure? For example, can anyone detect what python version 
> I'm running by using web queries: I see that rocket server puts the python 
> version in the `Server:` header, which seems bad to me, although my 
> production machine simply returns `Server: nginx` which is a little better, 
> I suppose. I suspect it will never be possible to obscure the software 
> entirely, but anything that makes it harder for the script kiddies seems 
> like an easy win to me.
>

To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/568d754e-316b-4cfb-abba-312bd83d549f%40googlegroups.com.