Splunk's Cherrypy httpd server version info disabl...

clyde772 · ‎01-16-2012

Hey Splunkers,

I have a question about Splunk security itself. I was told by one of my customer that cherrypy (Splunk Python based web server) returns with version info like this "CherryPy httpd 3.1.4" which showing the version of the server is a vurnerabilty. The customer told me to disable the httpd server info at connection.

Is there anyone know hows to disable "Cherrypy httpd" version info from cherrypy web requests?

rodrigorsilva · ‎02-12-2016

Hi,

I had a specific case with the same need and got success by changing the file:

$SPLUNK_HOME/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py

Find the line:

'tools.staticdir.strip_version' : False,

Change to:

'tools.staticdir.strip_version' : True,

Good luck

rodrigorsilva · ‎02-12-2016

Hi,

I had a specific case with the same need and got success by changing the file:

$SPLUNK_HOME/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py

Find the line:

'tools.staticdir.strip_version' : False,

Change to:

'tools.staticdir.strip_version' : True,

Good luck

dwaddle · ‎01-16-2012

I think it is debatable that showing the version of a component is a "vulnerability". Trying to hide it is little more than security by obscurity. That said, sometimes it is far, far easier to just hide the version than convince a stupid vulnerability scanner of its false positives.

To my knowledge, Splunk provides no out-of-the-box way of doing this. If this is necessary, I would recommend filing an Enhancement Request with Splunk support. Describe why this functionality is important to you, as this helps Splunk project management prioritize work.

Splunk's Cherrypy httpd server version info disable

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor