Saturday, August 13, 2022

[FIXED] How to remove the server header from Kubernetes deployed applications

      , ,      No comments   

Issue

I am asking this question in the style of question then answer.

If you create your Ingress objects for Helm charts or regular "kubectl apply" deployments, after deployment to your cluster, you might see the server header in your responses. This is regarded as a security concern. It should not be present.

enter image description here

You might not have control of your cluster or Ingress Controllers. How can you remove the header in question?


Solution

You might not have control of your cluster or Ingress Controllers, but you do have control of your Ingress manifests.

In each of your Ingress manifest files (maybe inside your Helm charts) you can update your Ingress definition(s).

apiVersion: networking.k8s.io/v1beta1 # for versions before 1.14 use extensions/v1beta1
kind: Ingress
metadata:
  name: {{ .Release.Name}}-{{ .Values.baseName }}-ingress-spa
  namespace: {{ .Values.global.config.namespace }}
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/configuration-snippet: |
          more_clear_headers "Server";    
spec:
  tls:
  - hosts:

The key part is:

nginx.ingress.kubernetes.io/configuration-snippet: |
          more_clear_headers "Server";

This instructs nginx to clear the server header. After redeploying your application you should now see:

enter image description here

And voila, the server header is gone.



Answered By - Ian Robertson
Answer Checked By - Robin (PHPFixing Admin)

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...