httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schulte <>
Subject Re: Turning off Apache's default response
Date Fri, 26 Jul 2002 16:46:33 GMT
At 11:28 AM 7/26/2002 -0500, Kenny G. Dubuisson, Jr. wrote:
>I do not want anyone seeing this with the version of Apache we use for
>security purposes.  If someone could tell me where this message is generated
>and I could change it, I would greatly appreciate it.

Security through obscurity is never a great answer, but:

ServerSignature Off

Will do as you request for server-generated documents.

Your apache server version number is available to anyone via other methods 
as well.
Also see:
There may be others too.

Even if you manage to strip version info from apache, OS fingerprinting can 
narrow down
probable server software on a particular host.  Etc.  Etc.

Your best bet is to secure the services from the start.

>Kenny Dubuisson
>Gulfport, Mississippi, USA

Christopher Schulte
Do not un-munge my
email address.  This address is valid.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message