This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Unable to Remove Header in RaiseFault Policy

Posted on 07-28-2016 09:30 AM
williamking
New Member
Reply posted on --/--/---- --:-- AM

I am trying to remove the "Server" header from my Raise Fault policy (specific documentation here).

I have the chunk below in the policy, but it does not work.

<FaultResponse>
  <Remove>
    <Headers>
      <Header name="Server"/>
    </Headers>
  </Remove>

Here's the response header:

HTTP/1.1 500 Internal Server Error
Date: Thu, 28 Jul 2016 16:16:37 GMT
Content-Type: application/json
Content-Length: 68
Connection: keep-alive
Server: Apigee Router

If I change the policy to instead Set the "Server" header value, it works. 

HTTP/1.1 500 Internal Server Error
Date: Thu, 28 Jul 2016 16:19:33 GMT
Content-Type: application/json
Content-Length: 68
Connection: keep-alive
Server: My Server
1 4 632
Topic Labels
4 REPLIES 4

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

Maybe the reason for that phenomenon, is that the Server header is injected by the Apigee Router, in other words AFTER the RaiseFault runs. But the Router sets the header only if one is not already present.

Not sure about this - you should be able to verify it using Trace.

0 Likes

Posted on --/--/---- --:-- AM
Tomasz_Kowalczy
New Member
In response to DChiesa
Reply posted on --/--/---- --:-- AM

Hi @williamking and @Dino,

Have you resolved the issue and were able to remove 'Server' header? Overriding the header to any default option is not a use case for me.

Regards,

Tomasz

0 Likes

Posted on --/--/---- --:-- AM
DChiesa
Staff
In response to Tomasz_Kowalczy
Reply posted on --/--/---- --:-- AM

I did not pursue the issue further. I suggest you open a ticket with Apigee Support inquiring how you can get a response from Apigee Edge that includes no server header. It may be possible with an organization setting. . .

@Tomasz.Kowalczyk

Good luck!

0 Likes

Posted on --/--/---- --:-- AM
brentstains
New Member
Reply posted on --/--/---- --:-- AM

First, if you want to deal with the Server header, it seems from the community boards as well as support case feedback I got from Apigee......you can't remove it. As Dino mentioned, Apigee injects that if one isn't present.

That said, you can override it yourself by just setting the header to a value you want like "N/A" or whatever.

The issue of course, is when you raise a fault, it bypasses your AssignMessage policy in the Post flow. As such, the next option is to set the header values in the RaiseFault policy like shown below.

<RaiseFault async="false" continueOnError="false" enabled="true" name="Raise-Fault-1"> <DisplayName>Raise Fault-1</DisplayName> 
<Properties/> <FaultResponse> 
<Set> 
<Headers> 
<Header name="Server">N/A</Header> 
<Header name="X-Powered-By">N/A</Header>
</Headers>
...
...
</RaiseFault>

Note that I also override the "X-Powered-By" header just in case. It's a known "leaky" header.

There may be more sophisticated ways to not have to set the headers in the post flow and faults, but that's what I have working at this time in our environment.

0 Likes