Disabling linkerd headers

Hi,

I’m looking in the configuration options https://linkerd.io/config/1.1.2/linkerd/index.html and I cannot find any configuration item there to disable the linkerd server token. What I mean is, when you request something to linkerd, it will respond in the headers like below:

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Content-Length: 2503
l5d-success-class: 1.0
Via: 1.1 linkerd

I want to get rid of the Via header. I want to achieve to because of security guidelines we follow. Is this possible? If not, I will send a feature request on the github page.

Thanks!

Linkerd does not have a setting to clear the Via header. One option would be to use something like nginx to clear this header.

Not an RFC lawyer, but not setting this header may be a violation of RFC 2616. https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

(Which is probably fine if this option is off by default.)

Hi Alex / William,

Thanks for the reply(s). I agree with william that it would be in violation with that RFC. Another question, is it possible to to change the name? So old way:

Via: 1.1 linkerd

And make it like

Via: 1.1 myownstring

That would be fine as well. It’s mainly for identification if I read the RFC correctly.

Thanks!

The string is not configurable in Linkerd. You could use something like nginx to modify the header, however.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.