Univention Bugzilla – Bug 51294
Make Apache ServerSignature configurable via UCR
Last modified: 2021-01-11 15:36:52 CET
The apache configuration ServerSignature and "ServerTokens Prod" enhance the security by not showing the Apache&UCS version - at least customer*s think that it increases security, while there are a lot of ways to receive the UCS version without these headers. We should make them configurable via UCR. Here they are hardcoded: /etc/apache2/conf-available/security.conf:#ServerSignature Off /etc/apache2/conf-available/security.conf:ServerSignature On /etc/apache2/conf-available/ucs.conf:ServerSignature On
Created attachment 10539 [details] patch
The following apache configuration can now be done via UCR: [apache2/server-limit] Description[de]=Definiert den Wert der Apache Konfiguration "ServerLimit". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#serverlimit>. Description[en]=Defines the value of the apache configuration "ServerLimit". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#serverlimit>. Type=int Categories=service-apache [apache2/start-servers] Description[de]=Definiert den Wert der Apache Konfiguration "StartServers". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#startservers>. Description[en]=Defines the value of the apache configuration "StartServers". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers>. Type=int Categories=service-apache [apache2/max-request-workers] Description[de]=Definiert den Wert der Apache Konfiguration "MaxRequestWorkers". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#maxrequestworkers>. Description[en]=Defines the value of the apache configuration "MaxRequestWorkers". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers>. Type=int Categories=service-apache [apache2/min-spare-threads] Description[de]=Definiert den Wert der Apache Konfiguration "MinSpareThreads". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#minsparethreads>. Description[en]=Defines the value of the apache configuration "MinSpareThreads". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads>. Type=int Categories=service-apache [apache2/max-spare-threads] Description[de]=Definiert den Wert der Apache Konfiguration "MaxSpareThreads". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#maxsparethreads>. Description[en]=Defines the value of the apache configuration "MaxSpareThreads". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads>. Type=int Categories=service-apache [apache2/threads-per-child] Description[de]=Definiert den Wert der Apache Konfiguration "ThreadsPerChild". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#threadsperchild>. Description[en]=Defines the value of the apache configuration "ThreadsPerChild". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild>. Type=int Categories=service-apache [apache2/server-signature] Description[de]=Definiert den Wert der Apache Konfiguration "ServerSignature". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/mod/core.html#serversignature>. Description[en]=Defines the value of the apache configuration "ServerSignature". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/core.html#serversignature>. Type=str Categories=service-apache [apache2/server-tokens] Description[de]=Definiert den Wert der Apache Konfiguration "ServerTokens". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/mod/core.html#servertokens>. Description[en]=Defines the value of the apache configuration "ServerTokens". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/core.html#servertokens>. Type=str Categories=service-apache [apache2/server-admin] Description[de]=Definiert den Wert der Apache Konfiguration "ServerAdmin". Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/mod/core.html#serveradmin>. Description[en]=Defines the value of the apache configuration "ServerAdmin". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/core.html#serveradmin>. Type=str Categories=service-apache univention-apache.yaml e1a99e6a458e | YAML Bug #51294 univention-apache (11.0.1-20) 35b569948cdc | Bug #51294: make Apache configuration possible via UCR
UCRVs: OK Apache config: OK YAML: OK
<https://errata.software-univention.de/#/?erratum=4.4x792>
I've got question concerning the configuration of apache via UCR. AFAIK, in UCS is actually PHP 7.0 implemented, compiled only with support for Prefork MPM. I understood the apache documentation in the way, that when Prefork MPM is used, Max/MinSpareThreads will have no effect, because for every http-worker a new process is created, not a new thread? If that is true, two additional UCR variables for Max/MinSpareServers are necessary, or the existing variables need to be changed? https://httpd.apache.org/docs/2.4/de/mod/prefork.html
(In reply to Thorger Ahrens from comment #5) > I've got question concerning the configuration of apache via UCR. > > AFAIK, in UCS is actually PHP 7.0 implemented, compiled only with support > for Prefork MPM. > > I understood the apache documentation in the way, that when Prefork MPM is > used, Max/MinSpareThreads will have no effect, because for every http-worker > a new process is created, not a new thread? > > If that is true, two additional UCR variables for Max/MinSpareServers are > necessary, or the existing variables need to be changed? > > https://httpd.apache.org/docs/2.4/de/mod/prefork.html This Bug is in "CLOSED" status. If you need further changes please file a new bug or initiate a discussion on help.univention.com. Thanks!