httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Loc Nguyen <...@piniongroup.com>
Subject Re: [users@httpd] Setup HTTP server
Date Sat, 12 Apr 2003 00:25:25 GMT
I am doing this because there is a lot of hacker is using the result of
the OPTIONS method to fingerprint the web server. Dropping this
information help to protect the server a little bit more. 

I will try your recommendation. 
Thanks a lot.

Loc Nguyen
On Fri, 2003-04-11 at 16:58, Joshua Slive wrote:
> 
> On Fri, 11 Apr 2003, Loc Nguyen wrote:
> > I am running an Apache web server version 1.3.26 on Debian Linux.
> > By default, the web server returns the server version as "Server:
> > Apache/1.3.26 (Unix) Debian GNU/Linux". Can I change this to say
> > something like "Server: Webserver" ? I don't want to give out too much
> > information about the web server.
> >
> > Another question: When I telnet to the web server and issuing "OPTIONS
> > *" method, I get back "Allow: GET, HEAD, OPTIONS, TRACE". Can I reject
> > the OPTIONS method request with a 400 Bad Request error message ?
> 
> Seems like a silly thing to do with your time.  How is this at all
> dangerous?
> 
> Anyway, have you tried
> 
> <Location />
> <Limit OPTIONS>
> Order allow,deny
> Deny from all
> </Limit>
> </Location>
> 
> This will give you a 403 rather than a 400, but sending back a 400 in this
> case seems to me like a violation of the HTTP standards.
> 
> Joshua
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message