A verbose server banner gives an outside party a clue about the server software behind your APIs, so it is essential to hide this information.

Typically, the APIs run behind a proxy or a firewall, so this header can be modified at that layer. In this article, I will explain how to update this header when the APIs are not deployed behind a proxy or a web application firewall.

Note: Running Flask Applications with the default server is not recommended for production.

Solution:

The Flask default server offers no option for this, as it is meant for development purposes. Custom headers can be added using Flask's make_response() function, but this method will not update the Server header.

The solution is to use a WSGI server like gunicorn in front of your Flask application. Gunicorn is a production-grade WSGI server for Flask-like frameworks. I have used this in several large-scale applications.

Create a Python file config.py with the contents below. You can set gunicorn.SERVER to any value. This will override the Server header.

import gunicorn
gunicorn.SERVER = "HelloHello"

Note: For gunicorn versions lower than 20.1.0 you need to rename the variable to gunicorn.SERVER_SOFTWARE instead of gunicorn.SERVER

A sample Flask application is given below for your reference. Copy the code below to a Python file named app.py.

from flask import Flask, make_response

app = Flask(__name__)

@app.route('/')
def hello():
    resp = make_response("Hello, World!")
    return resp

Now run the application using the below command.

gunicorn --config config.py app:app

Now hit the API from the browser and check the Server banner. As shown in the image below, the Server banner is updated with the custom value you configured.
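To verify the banner from a script instead of the browser, here is an added example (not part of the original article) that fetches the response headers and reports any that still disclose a product and version. The names banner_findings, fetch_headers and demo are hypothetical, and a throwaway standard-library server stands in for the API so the check runs offline.

```python
import re
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# A product token with a version, e.g. "gunicorn/20.0.4" (constructed sample).
VERSIONED = re.compile(r"[A-Za-z][\w.+-]*/\d[\w.]*")
# Direct connection: report the application server's own banner, not a proxy's.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def banner_findings(headers, expected_server=None):
    """Return {header: value} for headers that still disclose server details."""
    findings = {}
    for name in ("Server", "X-Powered-By"):
        value = headers.get(name)
        if value and VERSIONED.search(value):
            findings[name] = value
    if expected_server is not None and headers.get("Server") != expected_server:
        findings["Server"] = headers.get("Server")
    return findings

def fetch_headers(url, timeout=5):
    """GET url and return the response headers, including on 4xx/5xx replies."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.headers
    except urllib.error.HTTPError as err:
        return err.headers  # error pages carry the banner too

def demo(server_banner=None):
    """Check a throwaway local server, a constructed stand-in for the API."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"Hello, World!")
        def version_string(self):
            return server_banner or super().version_string()
    httpd = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d/" % httpd.server_port
        return banner_findings(fetch_headers(url), expected_server=server_banner)
    finally:
        httpd.shutdown()
        httpd.server_close()

if __name__ == "__main__":
    print("default:", demo(), "custom:", demo("HelloHello"))
```

Against the real application, call banner_findings(fetch_headers(url), expected_server="HelloHello") with the gunicorn address; an empty result means the banner matches the configured value.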

I hope this article is helpful. Feel free to comment below this article if you have any questions or feedback.
