Recently we migrated a couple of old servers to a new one. We used to have many old ones for requirements of customers. Since the have switched to new software, we we able to finally upgrade to new hardware. This introduced a new version of Plesk.
Plesk is an easy way of hosting websites without having to do much manually. I know this is something that „real“ admins will hate me for but hey, it’s easy and it works. As I don’t like changes too much, I didn’t like the new Plesk at all. I got used to it by now.
Accidentally I noticed some new header in the server responses which I didn’t like. On each request Plesk automatically added a new header to the response.
X-Powered-By: PleskLin
This is quite annoying in my opinion. I had to find out how to remove it.
Now, as this server is running an apache, I needed to check the config file first. This is usually located at /etc/httpd/conf/httpd.conf. Checking this file you will notice that Apache and Plesk uses a whole directory for storing configuration. In my case this is /etc/httpd/conf.d. All of the files in there will be processed in alphabetical order!
You might think about just editing the standard Plesk config files. This isn’t a good idea. There is a big chance of breaking your installation of Plesk or Apache if you’re not sure what you’re doing. The other problem is Plesk overwriting and generating the conf files automatically. So you need to stay out of reach of Plesk. The easiest way is to remember how Apache processes the config files. Just add one at the end of the list. Have it start with something like „zzzzz“. This will make it be the last file to be processed. In my case I added a new conf file like this
[limited@server4 conf.d]# ls -la drwxr-xr-x 2 root root 4096 Nov 18 22:30 . drwxr-xr-x 4 root root 4096 Aug 22 08:56 .. -rw-r--r-- 1 root root 660 Nov 18 21:31 fcgid.conf -rw-r--r-- 1 root mailman 688 Mar 30 2011 mailman.conf -rw-r--r-- 1 root root 1796 Apr 22 2005 perl.conf -rw-r--r-- 1 root root 93 Nov 1 09:28 php_cgi.conf -rw-r--r-- 1 root root 674 Mar 30 2011 php.conf -rw-r--r-- 1 root root 566 Sep 21 10:14 proxy_ajp.conf -rw-r--r-- 1 root root 1671 Jan 6 2007 python.conf -rw-r--r-- 1 root root 392 Sep 21 10:14 README -rw-r--r-- 1 root root 9677 Nov 18 21:36 ssl.conf -rw-r--r-- 1 root root 352 Jan 9 2007 webalizer.conf -rw-r--r-- 1 root root 299 Sep 21 10:14 welcome.conf -rw-r----- 1 root apache 372 Nov 18 21:40 zz010_psa_httpd.conf -rw-r--r-- 1 root root 109 Nov 18 22:30 zzzzzDia24.conf
This way we can do whatever we want and leave Plesk alone. The best thing about it is to have Plesk leave us alone as well. We can now unset the header entry. Also we can add our own header if we like. This is what I did for displaying my own header. The following lines are the content of my zzzzzDia24.conf
<IfModule mod_headers.c> Header unset X-Powered-By Header add X-Powered-By "www.dia24.de" </IfModule>
As this is the last config file to be processed, this will override everything that Plesk thinks is the „right thing“. This is what it looks like afterwards:
Now me and Plesk are happy 😉
Actually, I found an even better way than my previous posts. The official way, and it doesn’t get overwritten:
http://download1.parallels.com/Plesk/PP11/11.5/Doc/ru-RU/online/plesk-linux-advanced-administration-guide/index.htm?fileName=68693.htm
Hi!
My solution is server-wide. The Plesk solution you mentioned is per site only.
Best regards,
Boris
Thanks. Yes, your solution works when using Apache… However, when using nginx, (as in my case) I needed a different solution. .htaccess and apache config files solutions didn’t have any effect for me, as it was set by a different server: nginx. So I wanted to share an additional solution that can be added to your already good solution.
Also, when using the master custom Plesk templates, it removes it for all sites loaded, which is nearly the same effect as setting server-wide, in practice.
I used only
Header unset X-Powered-By
in my .htaccess to remove the X-Powered-By header and it works perfect.
thanks!
Sorry, but one additional note:
If you copy and paste my commands below. Be sure to remove the quote marks and type them again manually, as this forum post system replaced my double-prime quote marks with real quote marks that won’t work on the Linux SSH comand line.
So if you copy and paste them as is, they will do nothing (I should have used the code tags or something, sorry).
Oh, and I meant to add that in the future, if you wish to check to make sure this header isn’t lurking about in some file somewhere, you can simply type the following command over SSH to check for it in the template files:
grep -H -r -i „PleskLin“ /usr/local/psa/
or in the vhosts:
grep -H -r -i „PleskLin“ /var/www/vhosts/system/
or in the main server configs:
grep -H -r -i „PleskLin“ /etc/httpd/
grep -H -r -i „PleskLin“ /etc/nginx/
🙂
If you are using Plesk with the nginx reverse proxy server, which is VERY common, the above fix won’t work. However, I do have a solution…after much trouble:
For those in a hurry, you can just edit the folowing files using the „vi“ editor over SSH:
/usr/local/psa/admin/conf/templates/default/server.php
/usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php
These are the templates that create the nginx.config files with the „X-Powered-By: PleskLin“ „add_header“ directive.
Just look for the directive in these files and delete or change it.
Then go into your Plesk panel and go to your „Websites & Domains“ section in the control panel, and then choose the domain you want to get rid of this for, click the drop-down arrow to see all the settings, then click „Web Server Settings“, and then just go to the bottom and click „ok“ to have Plesk use its template files (which you just cleverly modified) to auto-generate a new config file for nginx. Now, this header will no longer be added for this domain, or any new domain you add after this. (Note: you may also be able to use some built-in Plesk commands to rebuild all the config files automatically, but I did not want to try that–I don’t like lots of things happening behind the scenes that I can’t see or control, especially considering how sloppy and prone to error Plesk’s coding is).
Then reboot your server.
Ok, for those who want a bit more detail:
I tried and tried every other way (short or compiling nginx with the HttpHeadersMoreModule module), to get rid of this stupid (security-compromizing advertisement for Plesk) header. The config files that actually set it are in the /var/www/vhosts/system/ area and are auto-generated by Plesk every time you change „Web Server Settings“ (see above), or add a new domain. So changing them directly will not last for more than a short time. And changing each instance of these config files can take a long time if you have a lot of domains (just to be instantly undone later).
Also, since the „add_header“ directive in nginx can NOT be unset, you can’t do anything about it afterwards (unless you compile nginx with the HttpHeadersMoreModule module which allows you to do exactly that). I tried setting the „add_header“ directive myself using an include loaded after Plesk’s settings, but that did not work, as the nginx docs say it won’t (http://wiki.nginx.org/HttpHeadersModule).
The downside to this is that the next time Plesk updates those template files, you will lose your changes. But Plesk does not seem to update them that often (they’re just templates), and changing them does not cause any problems, and Plesk will not notice as far as I can tell. And changing them is quick and easy if they do get changed back.
Hope this helps someone save some time!
The holy grail!
Thanks a lot 😉
Awesome, thanks! Works perfectly on Plesk 11 as well 🙂
Brilliant! Worked perfect for me on Plesk 11.
That helped a lot. Works fine in Plesk 11. Thanks very much!
Plesk 11, on the .htaccess. Plesk cannot overwrite file
don’t work on plesk 11
Hi!
It works for me from Plesk 9 to Plesk 11. Which issue are you having? Maybe I can support you.
Best regards,
Boris