httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Setup HTTP server
Date Sat, 12 Apr 2003 00:22:59 GMT

On Fri, 11 Apr 2003, Loc Nguyen wrote:

> I am doing this because there is a lot of hacker is using the result of
> the OPTIONS method to fingerprint the web server. Dropping this
> information help to protect the server a little bit more.
>

Not really.  The way to protect your server is to keep it secure, not to
hide insecurity.  Dropping OPTIONS just makes your server less useful.

Trying to hide the identify of your server doesn't help because:

1. Stupid skript-kiddies don't really care what you are running.  They
just try every hack against every IP address they can find.

2. Smart crackers will be able to find information about your server in
hundreds of different ways with or without OPTIONS.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message