From 8c6ac52ef6a8fecd2c49cebbd7a22e5eb805dad6 Mon Sep 17 00:00:00 2001
From: Marcel Herrguth
Date: Wed, 30 Dec 2020 16:55:31 +0100
Subject: [PATCH] Fixes #3253 - Remove ServerTokens from apache configurations
---
 contrib/apache2/zammad.conf | 6 +++---
 contrib/apache2/zammad_ssl.conf | 19 ++++++-------------
 2 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/contrib/apache2/zammad.conf b/contrib/apache2/zammad.conf
index b0c970e1d..8d90ab7b7 100644
--- a/contrib/apache2/zammad.conf
+++ b/contrib/apache2/zammad.conf
@@ -2,13 +2,13 @@
 # this is the apache config for zammad
 #
+# security - prevent information disclosure about server version
+ServerTokens Prod
+
 # replace 'localhost' with your fqdn if you want to use zammad from remote
 ServerName localhost
- # security - prevent information disclosure about server version
- ServerTokens Prod
-
 ## don't loose time with IP address lookups
 HostnameLookups Off
diff --git a/contrib/apache2/zammad_ssl.conf b/contrib/apache2/zammad_ssl.conf
index e718ebf42..fca91a1d6 100644
--- a/contrib/apache2/zammad_ssl.conf
+++ b/contrib/apache2/zammad_ssl.conf
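Review bot: The comment above the relocated `ServerTokens Prod` in the zammad.conf hunk does not say that the directive is now server-wide, so enabling this file on a shared Apache instance changes the `Server` header for every virtual host, not only Zammad's. Apache accepts ServerTokens only in the global server context, which is presumably why it was moved, and the comment should record that so nobody moves it back: `# security - hide server version; ServerTokens is global-only and applies to all vhosts on this server`. The same wording fits the identical lines added at the top of zammad_ssl.conf. If a distribution-provided file also sets ServerTokens, which value wins depends on include order, so the linked documentation should mention that. The enclosing virtual-host block is not visible in this hunk.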
@@ -1,18 +1,14 @@
 #
-# this is an example apache 2.4 config for zammad with free letsencrypt.org ssl certificates
-# replace all occurrences of example.com with your domain
-# create letsencrypt certificate by: certbot certonly --webroot -w /var/www/html -d www.example.com
-# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096
-# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl
-# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html
+# this is an example apache 2.4 config for zammad
+# Please visit https://docs.zammad.org for further input on how to configure
+# your apache to work with Zammad
 #
+# security - prevent information disclosure about server version
+ServerTokens Prod
+
 ServerName example.com
-
- # security - prevent information disclosure about server version
- ServerTokens Prod
-
 Redirect permanent / https://example.com
@@ -29,9 +25,6 @@
 # replace 'localhost' with your fqdn if you want to use zammad from remote
 ServerName localhost
- # security - prevent information disclosure about server version
- ServerTokens Prod
-
 ## don't loose time with IP address lookups
 HostnameLookups Off
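Review bot: The rewritten header in the first zammad_ssl.conf hunk drops the only in-file hints for producing and checking the TLS material (the dhparam generation command, the chain download and the SSL Labs test link) and replaces them with a bare link to the documentation root. If directives further down the file, outside this hunk, still point at files such as /etc/ssl/dhparam.pem, an operator copying the example has no cue for where they come from; that should be checked, and the references either removed or explained. A tool-neutral line such as `# create the certificate and DH parameter files referenced below and test the TLS setup before going live - see docs` would keep the intent without the outdated commands.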