
Suppressing server information in response header for WAS 6.1 not working for https redirection


My application is redirected from http to https. I have a security issue: I need to remove the server info from the response header. I see no server info in the http response, but once it is redirected to https, the server info still exists in the response header. How can I remove the server info in both cases? I am using WAS 6.1 with webserver IHS 6.1. Are any changes needed in the httpd.conf file? Thanks in advance.


Solution

  • IHS is an Apache-based server. To make it less talky about itself you need to add (or modify) a few directives. In short you need to find a line saying ServerTokens and make sure it reads ServerTokens Prod (add the line if it does not exist). (ServerTokens reference)

    Also double check for a line with the directive ServerSignature. If it does exist it should read ServerSignature Off (which is the default). (ServerSignature reference)

    If this is not enough, you can modify the response headers directly. To do that you would need to add a directive like Header unset Server which would remove all response headers with the name Server. Make sure this is what you want though! (Header reference)

    Finally, remember to restart your IHS after you're done with the changes.
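
After the restart, each hop of the redirect should be checked separately, since the question reports the header missing on http but present on https. The following is an added example, not part of the original answer: it audits raw responses for a leftover Server header and for the `<address>` footer that ServerSignature produces on server-generated pages. The sample responses, host name and function names are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from a real server): the http
# hop that issues the redirect and the https hop it leads to.
HTTP_HOP = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://app.example.test/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><p>The document has moved.</p></body></html>"
)
HTTPS_HOP = (
    "HTTP/1.1 200 OK\r\n"
    "Server: IBM_HTTP_Server/6.1 (Unix)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>ok</body></html>"
)

def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body

def audit_hop(raw):
    """Return the disclosure findings for one response."""
    _status, headers, body = parse_response(raw)
    findings = []
    for value in headers.get("server", []):
        # ServerTokens Prod leaves a bare product name; a slash, digit or
        # parenthesis means version or OS detail is still being sent.
        kind = "verbose" if re.search(r"[/\d(]", value) else "product-only"
        findings.append(f"{kind} Server header: {value}")
    # ServerSignature appends an <address> footer to server-generated pages.
    if re.search(r"<address>.*?</address>", body, re.I | re.S):
        findings.append("signature footer in body")
    return findings

def audit_chain(hops):
    """Audit every hop of a redirect chain, keyed by hop name."""
    return {name: audit_hop(raw) for name, raw in hops.items()}

if __name__ == "__main__":
    for hop, found in audit_chain({"http": HTTP_HOP, "https": HTTPS_HOP}).items():
        print(hop, found or "clean")
```

To use it against a real deployment, save the raw response of each hop (headers and body) to a string and pass both to `audit_chain`.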