I am working on a private server application for a web based mobile game that uses php to generate responses. In order to do this I am trying to replicate the behavior of the main server as closely as possible.
The main server includes the standard Apache response headers Date and Server, however these headers are always preceded by the headers authorize, Content-Encoding, and Content-Type.
I am running apache 2.4.12 on Centos 6 and no matter what I try, the server always sends the Date and Server headers first.
So for example, the current header order:
HTTP/1.1 200 OK
Date: Mon, 18 May 2015 15:48:33 GMT
Server: Apache
authorize: <authToken>
Content-Encoding: gzip
Needs to be sent as:
HTTP/1.1 200 OK
authorize: <authToken>
Content-Encoding: gzip
Content-Type: application/json; charset=utf-8
Date: Sat, 16 May 2015 02:59:12 GMT
Server: Apache
I realize that the order of server fields shouldn't matter, however for the sake of not presenting anything that could be used to identify the server as being different than the original, I would like to preserve the original server's behavior.
My first impression was that this might be something changeable by modsecurity, however I've run into a dead end on that approach as the response headers don't appear to be changeable (like the response body is) beyond rewriting the server tag (which is fine as generated).
Mod_headers doesn't appear to be capable of touching the Server header either. It also doesn't seem to offer anything that could potentially change the order of the headers that are set.
Does anyone know of any way that would allow headers to be added above these two headers in an http response? I suspect some third party tool will be required.
