On Sun, Sep 02, 2001 at 02:14:32PM +0200, Cees van de Griend wrote:
On Sun, Sep 02, 2001 at 08:46:19AM +0200, Cliff Sarginson wrote:
My Apache web server announces it's type in detail when connected to.
So what. Do you know of any security problems with Apache in the last 2 years?
So what ! Do you imagine nobody is trying to find security problems ? This is a very complacent attitude.
I would like to change this to return bogus information for security purposes.
Ah, security by obscurity. This has nothing to do with security, only with a false secure feeling. But this is a totaly different discussion.
I asked for information...not a lecture! I am not under the illusion that this is a huge security measure, however the less information you give away the better.
Is this possible without changing the code and recompiling?
You can use the ServerTokens directive in /etc/httpd/httpd.conf and set it to 'ServerTokens ProductOnly'. Then it only reports 'Apache'.
Thank you. That is what I wanted to know. Cliff
See: http://www.apache.org/docs/mods/core.html#servertokens for more info.
Regards, Cees.