views:

198

answers:

4

I'm trying to hide the "Server" header returned by Apache on every request, from Varnish.

Using in sub vcl_fetch:

unset obj.http.Server;

on Varnish start I get:

Expected action, 'if' or '}'
(/etc/varnish/default.vcl Line 43 Pos 9)
    unset obj.http.Server;
--------#####-----------------

Any ideas?

+1  A: 

In recent versions (2.1 series) the response object is called beresp, and something like this in vcl_fetch does work (I just tested it on Varnish 2.1.0):

unset beresp.http.Server;

I installed the version you're using (1.1.2) and got the exact same behavior you mention; it would appear the unset keyword doesn't work, at least not in the vcl_fetch function. This is odd, as at least one example I found mentions using unset for that exact purpose.

If possible, I'd suggest upgrading to the latest Varnish, as I think it unlikely that, if the unset behavior you observed is a bug, the team will be willing to fix it.

Barring that, you might want to try setting Server to something else:

set obj.http.Server = "";
set obj.http.Server = "BogoServer Whatever"; 

Assuming your objective is to hide the server signature. If what you want is to eliminate the header altogether, I'd venture to say it can't be done with your version of Varnish.

Roadmaster
A: 

I'm using Varnish 1.1.2 Also tested with beresp and the same error occurs.

It's like it's something wrong with unset. Here's the full fetch:

sub vcl_fetch {
    unset obj.http.Server;
    # force minimum ttl of 6 hours
    if (obj.ttl < 6h) {
            set obj.ttl = 6h;
    }
}
Dude
Thanks for the clarification - I've updated my answer.
Roadmaster
A: 

I got around to install Varnish 2.1.2 which is the latest version to date. I no longer get any syntax errors, but the desired effect is not applied. This resilient header is still there.

sub vcl_fetch {
    unset beresp.http.Server;
    set beresp.http.Server = "Apache";
}

I use Firebug to peek at the headers, here's what I see:

Server  Apache/2.2.9 (Debian)

I've tried some variations like just unsetting and not setting, nothing works.

Can it be a problem of logic? Maybe the unset needs to be placed in a different sub. I tried placing it in both vcl_miss and vcl_deliver. Got "Variable 'beresp.http.Server' not accessible in method.." both times.

I've also tried setting a custom header and removing it. That didn't work either.

Dude
A: 

Fixed it eventually.

I had a return(pipe) in vcl_recv that made varnish never go into vcl_fetch where I was unsetting the header.

Dude