Hi all! I always try to hide as many details about the services I'm running as possible. I don't want, for example, my ftpd to tell everyone that it's ProFTP 1.2.0 on an i386 running SuSE 7.0 or whatever. Legitimate users don't need this info, and I don't want hackers to be able to get it by just establishing a regular connection. Of course this is easy to do for most service, but I haven't managed this with Apache. Just surfing to a non-existing page, for example, gives out an error message like this:

Apache/1.3.12 Server at rulbii.leidenuniv.nl Port 80

How do I stop Apache from telling that it is Apache 1.3.12? I have worked my way through httpd.conf, I've read the manual, but still I have no clue... Can anyone help me? Thanks! Yuri. -------------------------------------------------------------------------- drs. Yuri Robbers phone : +31-71-527-4966 Leiden University fax : +31-71-527-4900 Institute for Theoretical Biology email : robbers@rulsfb.leidenuniv.nl Kaiserstraat 63 2311 GP Leiden PGP 5.0 public key available: the Netherlands Check your favourite hkp server. --------------------------------------------------------------------------

Hi Kilian! On Fri, 6 Oct 2000, Kilian Huber wrote:

The ServerTokens and ServerSignature directives may be your friend, see

http://www.apache.org/docs/mod/core.html#servertokens http://www.apache.org/docs/mod/core.html#serversignature

Thanks a lot!

If this does not satisfy, use the source :)

I thought of that too... but I guessed there would be a more elegant way of doing it :o) Cheers! Yuri. -------------------------------------------------------------------------- drs. Yuri Robbers phone : +31-71-527-4966 Leiden University fax : +31-71-527-4900 Institute for Theoretical Biology email : robbers@rulsfb.leidenuniv.nl Kaiserstraat 63 2311 GP Leiden PGP 5.0 public key available: the Netherlands Check your favourite hkp server. --------------------------------------------------------------------------