httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Darragh Gammell" <dbgsyst...@gmail.com>
Subject [users@httpd] HTTP reply. Too much systems information displayed.
Date Tue, 04 Sep 2007 05:50:29 GMT
Hi

Recently we had a a security audit, one of the issues stated was that our
servers report too much information which hackers can use.

see output from a netcraft site report.




OWNER       IP                 OS    WebServer
OWNER 123.123.123.123 Linux Apache
OWNER 123.123.123.123 Linux Apache/2.0.54 Ubuntu PHP/5.0.5-2ubuntu1
mod_ssl/2.0.54 OpenSSL/0.9.7g
OWNER 123.123.123.123 Linux Apache/1.3.34 Debian PHP/5.1.2
mod_gzip/1.3.26.1a mod_ssl/2.8.25 OpenSSL/0.9.8a mod_perl/1.29 DAV/1.0.3
OWNER 123.123.123.123 Linux Apache/1.3.33 Debian GNU/Linux PHP/5.0.4
mod_gzip/1.3.26.1a mod_ssl/2.8.22 OpenSSL/0.9.7d mod_perl/1.29 DAV/1.0.3
OWNER 123.123.123.123 Linux Apache/1.3.31 Debian GNU/Linux
mod_gzip/1.3.26.1a mod_ssl/2.8.19 OpenSSL/0.9.7d mod_perl/1.29 DAV/1.0.3
OWNER 123.123.123.123 Linux Apache/1.3.29 Debian GNU/Linux
mod_gzip/1.3.26.1a mod_ssl/2.8.16 OpenSSL/0.9.7c mod_perl/1.29 DAV/1.0.3
OWNER 123.123.123.123 Linux Apache/1.3.29 Debian GNU/Linux
mod_gzip/1.3.26.1a mod_ssl/2.8.16 OpenSSL/0.9.7c DAV/1.0.3
OWNER 123.123.123.123 Linux Apache/1.3.27 Debian GNU/Linux
mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7b DAV/1.0.3
OWNER 123.123.123.123 Linux Apache/1.3.27 Unix Debian GNU/Linux
mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7b DAV/1.0.3
OWNER 123.123.123.123 Linux Apache/1.3.27 Unix Debian GNU/Linux
mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7a DAV/1.0.3


Does anyone know how to configure apache not to give this information out in
its http replies.

Thanks in advance

Darragh

Mime
View raw message