Troubleshooting
Problem
After a security scan was run on the system, the vulnerability report showed that ETags were being used in the response headers.
Diagnosing The Problem
An IP trace on the IBM HTTP Server showed that ETags were being returned in the response header:
HTTP/1.1 200 OK
Date: Wed, 24 Aug 2011 16:53:55 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 03 Nov 2010 22:02:14 GMT
ETag: "11e2-c90-4942d31a24580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3216
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html
Resolving The Problem
There are two ways to remove the ETags in the httpd.conf file:
- Using 'FileETag None' causes no ETag field to be included in the response if the document is file-based.
  Edit the httpd.conf file and add the following line:
  FileETag None
- To omit only the inode from the ETag, use the following syntax:
  FileETag MTime Size
Verify that LoadModule headers_module modules/mod_headers.so is commented out in the httpd.conf file.
Save the changes in the httpd.conf file and restart IBM HTTP Server for the changes to take effect.
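The following check is an added example, not part of the original technote or IBM's code: it decodes the file-based ETag from the response shown above and reports whether the inode is exposed, so the FileETag change can be verified after the restart. It assumes the hex field order inode-size-mtime (mtime in microseconds), which the sample header on this page is consistent with; the function name audit_etag and the two post-change header samples are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import format_datetime

# Header lines taken from the response shown on this page (default FileETag).
BEFORE = ('Last-Modified: Wed, 03 Nov 2010 22:02:14 GMT\n'
          'ETag: "11e2-c90-4942d31a24580"\n'
          'Content-Length: 3216\n')
# Constructed samples: the same file after "FileETag MTime Size" and "FileETag None".
MTIME_SIZE = BEFORE.replace('"11e2-', '"')
NONE = BEFORE.replace('ETag: "11e2-c90-4942d31a24580"\n', '')

ETAG_RE = re.compile(r'(?:W/)?"([0-9a-f]+(?:-[0-9a-f]+){1,2})"')

def audit_etag(raw_headers):
    """Decode a file-based ETag and report whether it exposes the inode."""
    headers = {}
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    etag = headers.get("etag")
    if etag is None:
        return {"verdict": "no ETag"}
    match = ETAG_RE.fullmatch(etag)
    if match is None:
        return {"verdict": "unrecognized ETag format"}
    # Assumed layout: hex fields in the order inode, size, mtime (microseconds).
    fields = [int(f, 16) for f in match.group(1).split("-")]
    size, mtime_us = fields[-2], fields[-1]
    mtime = format_datetime(
        datetime.fromtimestamp(mtime_us // 1_000_000, timezone.utc), usegmt=True)
    result = {"inode": None, "size": size, "mtime": mtime,
              # Cross-check against headers the server already sends.
              "size_matches": headers.get("content-length") == str(size),
              "mtime_matches": headers.get("last-modified") == mtime}
    if len(fields) == 3:
        result.update(inode=fields[0], verdict="inode exposed")
    elif result["size_matches"] and result["mtime_matches"]:
        result["verdict"] = "no inode field"
    else:
        result["verdict"] = "two fields, layout unconfirmed"
    return result

if __name__ == "__main__":
    for label, raw in (("default", BEFORE), ("MTime Size", MTIME_SIZE), ("None", NONE)):
        print(label, audit_etag(raw))
```

Content-Length can differ from the decoded size when the response is compressed, in which case a two-field ETag is reported as unconfirmed and should be checked against an uncompressed request.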
Documentation reference for FileETag:
http://publib.boulder.ibm.com/httpserv/manual70/mod/core.html#fileetag
Note: It is advised to consult with the security scan vendor to determine how to get the scanner to stop reporting this CVE as a vulnerability if configuring FileETag for the HTTP Server does not do so.
Document Information
Modified date: 07 September 2022
UID: swg21566450