<IfModule headers_module> Header unset Etag FileETag none </IfModule>
to /.../Lev1/Web/WebServer/conf/httpd.conf and restart the web server.
Disclaimer: I have no idea if or how that might affect the SAS webapps.
That should work, but let me ask you, why are you wanted to remove Etag header information? We do not recommend making to do any changes in http.conf, unless they were suggested by technical support. What are you trying to achieve?
on most of the big companies, or companies where security is not a must, but also there are audit procedures, they have periodic checks specially meant for the web applications, where alarms may raise, such as the Poodle and others related to SSL.
As consultant, I received several request on several clients to close this vulnerability. Of course, for the first request, I did my homework checking with SAS Technical Support. Once I had the green light, I did the change and some validations, no problem.
I feel curious: how come that this vulnerability is not included in https://support.sas.com/en/security-bulletins.html and not included on a hotfix? Is it in use by any SAS Web application?
I do not have any details about this vulnerability, but I would suggest to open a technical support track and request that information. We have a specific procedure that we need to follow when contacting Product Security Incident Response Team (PSIRT), so only this team can respond.
Have a look at https://communities.sas.com/t5/SASware-Ballot-Ideas/Keep-3rd-party-software-current/idi-p/355959, where I suggested that SAS should keep the third-party web server software (apache and tomcat, both open-source) up-to-date, better than it is doing now.
How did you restart the web server? I recommend using
(issued as the SAS install user)
then check if no httpd process is still running (ps -e|grep httpd)
and then issue
(again as SAS install user)
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.
Find more tutorials on the SAS Users YouTube channel.