httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <ja...@shaw.ca>
Subject Re: [users@httpd] Return Version
Date Thu, 29 Aug 2002 04:52:51 GMT
from the docs:

The |ServerAdmin| and |ServerTokens| directives control what information 
about the server will be presented in server-generated documents such as 
error messages. The |ServerTokens| directive sets the value of the 
Server HTTP response header field.

The |ServerName| and |UseCanonicalName| directives are used by the 
server to determine how to construct self-referential URLs. For example, 
when a client requests a directory, but does not include the trailing 
slash in the directory name, Apache must redirect the client to the full 
name including the trailing slash so that the client will correctly 
resolve relative references in the document.

------------------------------------------------------------------------

this might be a way to get apache to not identify itself, not lie but at 
least no hand out information about the server and box.

John K. Sterling wrote:

>
> On Wednesday, August 28, 2002, at 10:03 AM, Chris Taylor wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Recompile it and change the version somewhere in the source.
>>
>> Apache won't lie like you want out-of-the-box :)
>>
>> Out of interest, why make it lie for the audit? You have an
>> up-to-date version that works very well and is pretty secure.
>>
>
> It has nothing to do with the current opinion about this version of 
> apache - It is not uncommon people consider it a security issue to 
> immediately divulge your what os/app/version you are running....
>
> sterling
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message