Configuration Tornado Web Server


Carlos Andrés Garzón Benavides

Sep 17, 2020, 4:22:40 PM
to Tornado Web Server
Hi All

I would like to know how I can configure Tornado Web Server to hide the version information being used, and that from jQuery.

Thanks

Ben Darnell

Sep 18, 2020, 11:51:55 AM
to Tornado Mailing List
I assume you're talking about the `Server` HTTP header. To change this, override `RequestHandler.set_default_headers`:

```python
from tornado.web import RequestHandler

class MyRequestHandler(RequestHandler):
    def set_default_headers(self):
        self.set_header("Server", "MyServer")  # or just self.clear_header("Server")
```

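Added example, not part of the original thread and not Tornado or JupyterHub project code: it applies the `set_default_headers` override from the reply above to a small app and reads back the `Server` header from live local responses. The handler names, the route and the `server_headers` helper (which returns `{path: (status, Server header or None)}`) are assumptions for illustration; the example goes one step beyond the reply by also covering unmatched URLs, which Tornado answers with its built-in `ErrorHandler` unless `default_handler_class` is set.

```python
import asyncio
import tornado.httpserver
import tornado.web
from tornado.httpclient import AsyncHTTPClient
from tornado.netutil import bind_sockets


class BaseHandler(tornado.web.RequestHandler):
    def set_default_headers(self):
        # Also runs when send_error() resets the response (error pages).
        self.clear_header("Server")


class HelloHandler(BaseHandler):
    def get(self):
        self.write("hello")


class NotFoundHandler(BaseHandler):
    # Unmatched URLs otherwise go to Tornado's built-in ErrorHandler,
    # which does not inherit from BaseHandler.
    def prepare(self):
        raise tornado.web.HTTPError(404)


def make_app(cover_unmatched_urls):
    settings = {"default_handler_class": NotFoundHandler} if cover_unmatched_urls else {}
    return tornado.web.Application([(r"/", HelloHandler)], **settings)


async def _probe(app):
    sockets = bind_sockets(0, "127.0.0.1")  # port 0: the OS picks a free port
    port = sockets[0].getsockname()[1]
    server = tornado.httpserver.HTTPServer(app)
    server.add_sockets(sockets)
    client = AsyncHTTPClient()
    try:
        seen = {}
        for path in ("/", "/missing"):
            resp = await client.fetch(f"http://127.0.0.1:{port}{path}", raise_error=False)
            seen[path] = (resp.code, resp.headers.get("Server"))
        return seen
    finally:
        client.close()
        server.stop()


def server_headers(cover_unmatched_urls):
    return asyncio.run(_probe(make_app(cover_unmatched_urls)))
```

With `cover_unmatched_urls=False` the 404 for `/missing` still carries the default `TornadoServer/<version>` value, so a scan that requests a nonexistent path will keep reporting the finding until the default handler is replaced as well.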

Carlos Andrés Garzón Benavides

Sep 18, 2020, 12:36:44 PM
to Tornado Web Server
I'm going to describe what happens: An auditing software was run and it shows a "Software Disclosure" vulnerability.

Tornado communicates with JupyterHub and what is required is that the tornado version be hidden and that it does not show the user's login data.

I attach a picture of the audit result.

Would doing what you mention hide the Tornado version?
[Attachment: Tornado.jpg]

Shane Spencer

Sep 18, 2020, 12:39:04 PM
to python-...@googlegroups.com
If you don’t want to modify JupyterHub code then you will want to use nginx to modify these headers as a proxy.

Carlos Andrés Garzón Benavides

Sep 18, 2020, 1:00:55 PM
to Tornado Web Server
In other words, with Tornado the vulnerability cannot be supplied?

Or I don't know if suddenly a parameter can be added in a Jupyter or tornado config file where that vulnerability can be overcome.

Shane Spencer

Sep 18, 2020, 1:09:25 PM
to python-...@googlegroups.com
Tornado is responsible for setting the server header directly and it’s easy to get at when you look at the code specifically for tornado.

Anything other than the server header is most likely up to the application to handle and making modifications to those without making modifications to the code will most likely break the application.

You should instead focus on working with the JupyterHub developers or creating an exception where you work.

Carlos Andrés Garzón Benavides

Sep 18, 2020, 3:37:32 PM
to Tornado Web Server

Ok, thanks a lot.

I'll look at these options.