Clean Response

June 22nd, 2013

Clean ResponseWhen using GZIP compression, Joomla adds an X-Content-Encoded-By response header with a value of “Joomla! 2.x”. This allows attackers to quickly determine that your site is running on Joomla (and get the version).

Many people think that the generator tag is the last Joomla reference they need to remove (see my ByeByeGenerator plugin). Those people miss the response header.

This plugin allows an administrator to alter that response value to “PHP” (the plugin default), or a user supplied text value.

Note: If you have a system plugin that utilizes JResponse and is loaded BEFORE Clean Response, this plugin will have no effect on your response headers. Put Clean Response before other system plugins in your plugins list. YOUR HOST MUST SUPPORT STREAM WRAPPERS OR YOU WILL EXPERIENCE THE SAME ISSUE AS OLIN IN THE REVIEWS BELOW.

Your server must support stream wrappers, allow_url_include (for the php://data type), allow writing to the plugins/system/cleanresponse/preempt folder, or eval(). The plugin will choose the best option that is available in your system.

Update 1.4: Resolved PHP Strict Standards error – nothing serious
Version 1.5 Joomla 3.0 compatibility
Version 1.6 – prevent whitescreen on hosts that use unknown method to disable stream wrappers.
Version 2.0 – add 3 additional methods for override to accommodate very restrictive hosts
Version 2.1 – provide options to disable methods that cannot be verified on certain hosts

4/26/2012 – Joomla 1.5/1.6/1.7 availability and support withdrawn.

All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the “Website” link to make a contribution.