Hello:

I am trying to reduce the amount of information given out when someone tries to Banner Grab for Version information. I read that "ServerToken" directive in httpd.conf file will limit the amount of information given out. First off I didn't find the "ServerToken" in the httpd.conf with a search. So I added it in the Global Setting section (where I found it on RedHat box). Set it to "ServerToken Prod" or "OS" or "Min" no quotation marks of course. I found "ServerSignature On" changed it to "Off", restarted httpd, and then ran "HEAD / HTTP/1.0" and it still comes back with

    HEAD / HTTP/1.0
    200 OK
    Content-Length: 720
    Content-Type: text/html
    Last-Modified: Wed, 11 May 2005 20:16:21 GMT
    Client-Date: Tue, 31 May 2005 04:49:32 GMT

    404 Not Found
    Date: Tue, 31 May 2005 04:31:44 GMT
    Server: Apache/2.0.49 (Unix) PHP/4.3.9    # How do I get rid of this and say something else
    Content-Length: 1335
    Content-Type: text/html; charset=ISO-8859-1
    Client-Date: Tue, 31 May 2005 04:49:33 GMT
    Client-Response-Num: 1
    Proxy-Connection: close
    X-Cache: MISS from firewall.domainname
    X-Powered-By: PHP/4.3.9    # How do I get rid of this and say something else

I guess my question should be what controls the amount of information given out: ServerTokens, ServerSignature, or something else? And to configure these items do I make my changes in the httpd.conf, or httpd.conf.SuSEconfig, or in /etc/sysconfig/apache? Which file and variable controls what gets displayed?

I have made changes to ServerTokens and ServerSignature in httpd.conf and httpd.conf.SuSEconfig, and HTTPD_SEC_SAY_FULLNAME directive to "no" in /etc/sysconfig/apache at different times and then restarted the httpd with rchttpd restart, and then did the "HEAD / HTTP/1.0" from the command line and I always get the above with no changes.

What AM I DOING WRONG? Any help here would be appreciated.

Thanks:
Steve

Hello,

On Tuesday, 31 May 2005 07:23, steve nutt wrote:
> I am trying to reduce the amount of information given out when someone tries to Banner Grab for Version information. I read that "ServerToken" directive in httpd.conf file will limit the amount of information given out. First off I didn't find the "ServerToken" in the httpd.conf with a search. So I added it in the Global Setting section (where I found it on RedHat box).
> Set it to "ServerToken
             ^^^^^^^^^^^
Typo? Should be ServerTokens AFAIK - you missed the s at the end.

> Prod" or "OS" or "Min" no quotation marks of course.

Hmm, ServerTokens Prod (or Min) should do the job.

> I found "ServerSignature On" changed it to "Off",

OK. Look at an index or error page to verify that it is really off.

> restarted httpd,

Sure? (Sorry for asking, but your problem sounds like you didn't ;-)

[...]
> X-Powered-By: PHP/4.3.9 How do I get rid of this and say something else

expose_php = off in /etc/php.ini

Regards,
Christian Boltz
--
A lot of us don't speak Chinese - should we switch to this language to enable 1 billion people to read this list too? :) [Wolfgang Post in suse-laptop]
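
A check for the situation in this thread, added here as an example and not part of either message: it reads a captured response, infers which ServerTokens level the Server header corresponds to, and names the setting behind each version-revealing header. The function names are hypothetical and the sample input is constructed from the header lines quoted above.

```python
import re

# Constructed sample: header lines as quoted in the thread, one per line.
SAMPLE = """\
404 Not Found
Date: Tue, 31 May 2005 04:31:44 GMT
Server: Apache/2.0.49 (Unix) PHP/4.3.9
Content-Type: text/html; charset=ISO-8859-1
X-Powered-By: PHP/4.3.9
"""

def parse_headers(raw):
    """Return {lower-cased name: value}; status lines without ':' are skipped."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() and " " not in name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers

def server_tokens_level(server):
    """Infer the effective ServerTokens level from an Apache Server header."""
    m = re.match(r"^Apache(?:/(\d+(?:\.\d+)*))?(?:\s+(\(.*?\)))?(?:\s+(.+))?$",
                 server)
    if not m:
        return None                      # absent or not an Apache banner
    version, os_part, modules = m.groups()
    if modules:
        return "Full"                    # Apache/2.0.49 (Unix) PHP/4.3.9
    if os_part:
        return "OS"                      # Apache/2.0.49 (Unix)
    if version is None:
        return "Prod"                    # Apache
    return ["Major", "Minor", "Min"][min(version.count("."), 2)]

def audit(raw):
    """Return (header, value, setting to change) for each disclosure found."""
    h = parse_headers(raw)
    findings = []
    level = server_tokens_level(h.get("server", ""))
    if level not in (None, "Prod"):
        findings.append(("Server", h["server"],
                         f"effective ServerTokens is {level}; set ServerTokens Prod"))
    if "x-powered-by" in h:
        findings.append(("X-Powered-By", h["x-powered-by"],
                         "expose_php = off in php.ini"))
    return findings

if __name__ == "__main__":
    for header, value, fix in audit(SAMPLE):
        print(f"{header}: {value}\n    -> {fix}")
```

A banner that still classifies as Full after a restart means the running server is not reading the edited ServerTokens line.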