Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTTP attack looking for /sumthin ?

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Sat, 19 Oct 2002 01:06:56 +0200 (CEST)
On Fri, 18 Oct 2002, Patrick Oonk wrote:


Add the lines

      ServerTokens prod
      ServerSignature no

to your Apache config (httpd.conf) to prevent the server from disclosing 
this information.


ServerTokens ProductOnly
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
ServerSignature Off

According to the build in instructions, online manual and FAQ. 
http://httpd.apache.org/docs/misc/FAQ-E.html#serverheader
http://httpd.apache.org/docs/mod/core.html

But do not expect to gain much security.

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: