httpd-users mailing list archives

From Christopher Schulte <schulte+apa...@nospam.schulte.org>
Subject Re: Turning off Apache's default response
Date Fri, 26 Jul 2002 16:46:33 GMT
At 11:28 AM 7/26/2002 -0500, Kenny G. Dubuisson, Jr. wrote:
>I do not want anyone seeing this with the version of Apache we use for
>security purposes.  If someone could tell me where this message is generated
>and I could change it, I would greatly appreciate it.

Security through obscurity is never a great answer, but:

ServerSignature Off

Will do as you request for server-generated documents.

Your Apache server version number is available to anyone via other methods
as well.
Also see: http://httpd.apache.org/docs/mod/core.html#servertokens
There may be others too.

Even if you manage to strip version info from Apache, OS fingerprinting can
narrow down probable server software on a particular host.  Etc.  Etc.

Your best bet is to secure the services from the start.

>Thanks,
>Kenny Dubuisson
>kdubuisson@kcmria.com
>Gulfport, Mississippi, USA

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org
email address.  This address is valid.
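
Added example, not part of the original message or of Apache's own code: a small config check showing that ServerSignature covers only the footer on server-generated pages, while the Server response header is governed by ServerTokens. The function names and sample configs are constructed for illustration; it assumes a flat main-server config and the documented defaults (ServerSignature Off, ServerTokens Full).

```python
import re

# Documented httpd defaults used when a directive is absent (assumption:
# no distribution-specific overrides elsewhere).
DEFAULTS = {"serversignature": "Off", "servertokens": "Full"}

# ServerTokens values that still put a version number in the Server header.
# Prod / ProductOnly reduce the header to the product name only.
VERSION_LEAKING_TOKENS = {"full", "os", "minimal", "min", "minor", "major"}

# Commented-out directives do not match because '#' precedes the name.
DIRECTIVE = re.compile(r"^\s*(ServerSignature|ServerTokens)\s+(\S+)", re.I)


def effective_settings(conf_text):
    """Return the last-set value of each directive, else the default.

    Assumption: <VirtualHost>/<Directory> scoping and Include files
    are not resolved; the text is treated as one main-server config.
    """
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit(conf_text):
    """List the places where the server would still disclose its version."""
    s = effective_settings(conf_text)
    findings = []
    if s["serversignature"].lower() != "off":
        findings.append("footer: server-generated pages carry a signature line")
    if s["servertokens"].lower() in VERSION_LEAKING_TOKENS:
        findings.append("header: Server response header includes a version")
    return findings


# Constructed sample configs, not taken from the thread.
ONLY_SIGNATURE_OFF = "ServerSignature Off\n"
BOTH_SET = "# ServerTokens Full\nServerSignature Off\nServerTokens Prod\n"

if __name__ == "__main__":
    for name, conf in [("signature only", ONLY_SIGNATURE_OFF), ("both set", BOTH_SET)]:
        print(name, "->", audit(conf) or "no version disclosed by these directives")
```

A clean result here says nothing about OS fingerprinting or other disclosure paths mentioned in the message; it covers these two directives only.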

