Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Apache version info
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
hama
n00b
n00b


Joined: 17 Jan 2004
Posts: 42
PostPosted: Tue Jan 20, 2004 6:57 pm    Post subject: Apache version info Reply with quote
Is it possible to change what Apache tell about server:

Apache/2.0.48 (Gentoo/Linux) mod_ssl/2.0.48 OpenSSL/0.9.6k PHP/4.3.4 Server at domain.com Port 80


I like to change: "Gentoo/Linux" to "MS Windows IIS" =)
Back to top
View user's profile Send private message
Earthwings
Bodhisattva
Bodhisattva


Joined: 14 Apr 2003
Posts: 7753
Location: Germany
PostPosted: Tue Jan 20, 2004 7:37 pm    Post subject: Reply with quote
Nearly everything is possible in Gentoo, but advanced features like this are only included in Microsoft Linux.
Back to top
View user's profile Send private message
kashani
Advocate
Advocate


Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
PostPosted: Tue Jan 20, 2004 7:39 pm    Post subject: Reply with quote
Check these
http://nlug.org/mail/nlug__2001_07/0221.html
http://httpd.apache.org/docs/mod/core.html#serversignature

I thought there was a way to change the server sig using only the serversig confug line, but apparently not.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6835
Location: Blighty
PostPosted: Wed Jan 21, 2004 12:58 am    Post subject: Reply with quote
You should always have the ServerTokens directive to ProductOnly as this only advertises that it's an Apache server. No OS, version or module info is exposed.

There are other ways to tell if it's an Apache, IIS, etc server so this is harmless and good :)

If the version or modules were exposed then an attack is easier as the attacker knows weakness in the version.
Back to top
View user's profile Send private message
soulwarrior
Guru
Guru


Joined: 21 Oct 2002
Posts: 331
PostPosted: Fri Jan 21, 2005 10:15 am    Post subject: Reply with quote
I think this only helps to hide the Apache version from simple scan attempts, as there exists tools like httprint, which can perform webserver fingerprinting with several criterias comparable to the os-fingerprinting from nmap.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy