httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <ja...@shaw.ca>
Subject Re: [users@httpd] Return Version
Date Thu, 29 Aug 2002 05:09:33 GMT
yup, read a bit further, turn servertokens off to remove all the data 
about the box.
default is full info.

J. Greenlees wrote:

> from the docs:
>
> The |ServerAdmin| and |ServerTokens| directives control what 
> information about the server will be presented in server-generated 
> documents such as error messages. The |ServerTokens| directive sets 
> the value of the Server HTTP response header field.
>
> The |ServerName| and |UseCanonicalName| directives are used by the 
> server to determine how to construct self-referential URLs. For 
> example, when a client requests a directory, but does not include the 
> trailing slash in the directory name, Apache must redirect the client 
> to the full name including the trailing slash so that the client will 
> correctly resolve relative references in the document.
>
> ------------------------------------------------------------------------
>
> this might be a way to get apache to not identify itself, not lie but 
> at least no hand out information about the server and box.
>
> John K. Sterling wrote:
>
>>
>> On Wednesday, August 28, 2002, at 10:03 AM, Chris Taylor wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Recompile it and change the version somewhere in the source.
>>>
>>> Apache won't lie like you want out-of-the-box :)
>>>
>>> Out of interest, why make it lie for the audit? You have an
>>> up-to-date version that works very well and is pretty secure.
>>>
>>
>> It has nothing to do with the current opinion about this version of 
>> apache - It is not uncommon people consider it a security issue to 
>> immediately divulge your what os/app/version you are running....
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message