diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index c9304993..6e989643 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -537,6 +537,11 @@ static modsec_rec *create_tx_context(request_rec *r) {
 static apr_status_t change_server_signature(server_rec *s) {
 char *server_version = NULL;
+ /* This is a very particular way to handle the server banner. It is Apache
+ * only. Stanalone and descendants should address that in its specifics
+ * implementations, e.g. Nginx module.
+ */
+#if !(defined(VERSION_IIS)) && !(defined(VERSION_NGINX)) && !(defined(VERSION_STANDALONE))
 if (new_server_signature == NULL) return 0;
 server_version = (char *)apache_get_server_version();
@@ -568,7 +573,7 @@ static apr_status_t change_server_signature(server_rec *s) {
 else {
 ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, s, "SecServerSignature: Changed server signature to \"%s\".", server_version);
 }
-
+#endif
 return 1;
 }
diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c
index dc622551..a72e6c51 100644
--- a/nginx/modsecurity/ngx_http_modsecurity.c
+++ b/nginx/modsecurity/ngx_http_modsecurity.c
@@ -719,6 +719,14 @@ ngx_http_modsecurity_save_headers_out(ngx_http_request_t *r)
 upstream = r->upstream;
 r->upstream = &ngx_http_modsecurity_upstream;
+ /* case SecServerSignature was used, the "Server: ..." header is added
+ * here, overwriting the default header supplied by nginx.
+ */
+ if (modsecIsServerSignatureAvailale() != NULL) {
+ apr_table_add(ctx->req->headers_out, "Server",
+ modsecIsServerSignatureAvailale());
+ }
+
 if (apr_table_do(ngx_http_modsecurity_save_headers_out_visitor, r, ctx->req->headers_out, NULL) == 0) {
diff --git a/standalone/api.c b/standalone/api.c
index c7875896..4ce29236 100644
--- a/standalone/api.c
+++ b/standalone/api.c
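Review bot: With the body of change_server_signature() compiled out by the new `#if` (closed by the `#endif` in the following hunk at -568), IIS, nginx and standalone builds return 1 without doing or logging anything, so a configured SecServerSignature is reported as applied even when nothing replaces the banner. This commit only adds the nginx side; whether IIS and standalone set the header elsewhere is not visible here. An `#else` branch that logs once when `new_server_signature != NULL` would let an operator see that banner masking is not in effect for that build. The declaration `char *server_version = NULL;` stays above the guard and becomes an unused variable in those builds, so it is better moved inside the `#if`. The added comment also misspells "Standalone".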
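Review bot: `apr_table_add()` appends a value rather than replacing one, so the added block in ngx_http_modsecurity_save_headers_out() does not by itself do the "overwriting" its comment describes. If `ctx->req->headers_out` already carries a `Server` entry, both values are handed to `ngx_http_modsecurity_save_headers_out_visitor` and the original banner may still be sent; whether the visitor collapses duplicates is not visible in this hunk. Using `apr_table_set()` and calling the accessor once makes the intent explicit: `const char *sig = modsecIsServerSignatureAvailale();` with the other locals, then `if (sig != NULL) apr_table_set(ctx->req->headers_out, "Server", sig);`. The enclosing function starts and ends outside the hunk.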
@@ -673,3 +673,11 @@ void modsecSetWriteResponse(apr_status_t (*func)(request_rec *r, char *buf, unsi
 void modsecSetDropAction(int (*func)(request_rec *r)) {
 modsecDropAction = func;
 }
+
+/*
+ * Case SecServerSignature was used, this function returns the banner that
+ * should be used, otherwise it returns NULL.
+ */
+const char *modsecIsServerSignatureAvailale(void) {
+ return new_server_signature;
+}
diff --git a/standalone/api.h b/standalone/api.h
index eec55a31..b2ab9322 100644
--- a/standalone/api.h
+++ b/standalone/api.h
@@ -114,6 +114,8 @@ int modsecIsRequestBodyAccessEnabled(request_rec *r);
 void modsecSetConfigForIISRequestBody(request_rec *r);
+const char *modsecIsServerSignatureAvailale(void);
+
 #ifdef __cplusplus
 }
 #endif
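Review bot: The exported name `modsecIsServerSignatureAvailale` in standalone/api.c misspells "Available", and its `Is` prefix reads like a boolean test although the function returns the banner string. The `standalone/api.h` prototype and the nginx call site introduce the same symbol in this commit, so renaming it now is cheap, for example `const char *modsecGetServerSignature(void);`. The header comment should also say that the returned pointer is the module's `new_server_signature` global, is not owned by the caller and must not be freed or modified. Its lifetime and the declaration that makes `new_server_signature` visible in api.c are outside this hunk and should be confirmed.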