2 Sep
2001
2 Sep
'01
12:14
On Sun, Sep 02, 2001 at 08:46:19AM +0200, Cliff Sarginson wrote:
My Apache web server announces it's type in detail when connected to.
So what. Do you know of any security problems with Apache in the last 2 years?
I would like to change this to return bogus information for security purposes.
Ah, security by obscurity. This has nothing to do with security, only with a false secure feeling. But this is a totaly different discussion.
Is this possible without changing the code and recompiling?
You can use the ServerTokens directive in /etc/httpd/httpd.conf and set it to 'ServerTokens ProductOnly'. Then it only reports 'Apache'. See: http://www.apache.org/docs/mods/core.html#servertokens for more info.
thanks Cliff
Regards, Cees.