Hey Darragh,
Check out http://httpd.apache.org/docs/1.3/mod/core.html#serversignature
for your 1.3 servers, and
http://httpd.apache.org/docs/2.0/mod/core.html#serversignature for your
2.0 server.
Also, then check out the ServerTokens directive too.
Hope this helps,
Scott.
Darragh Gammell wrote:
Hi
Recently we had a security audit; one of the issues stated was that
our servers report too much information, which hackers can use.
See the output from a Netcraft site report:
OWNER  IP               OS     WebServer
OWNER  123.123.123.123  Linux  Apache
OWNER  123.123.123.123  Linux  Apache/2.0.54 Ubuntu PHP/5.0.5-2ubuntu1 mod_ssl/2.0.54 OpenSSL/0.9.7g
OWNER  123.123.123.123  Linux  Apache/1.3.34 Debian PHP/5.1.2 mod_gzip/1.3.26.1a mod_ssl/2.8.25 OpenSSL/0.9.8a mod_perl/1.29 DAV/1.0.3
OWNER  123.123.123.123  Linux  Apache/1.3.33 Debian GNU/Linux PHP/5.0.4 mod_gzip/1.3.26.1a mod_ssl/2.8.22 OpenSSL/0.9.7d mod_perl/1.29 DAV/1.0.3
OWNER  123.123.123.123  Linux  Apache/1.3.31 Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.19 OpenSSL/0.9.7d mod_perl/1.29 DAV/1.0.3
OWNER  123.123.123.123  Linux  Apache/1.3.29 Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.16 OpenSSL/0.9.7c mod_perl/1.29 DAV/1.0.3
OWNER  123.123.123.123  Linux  Apache/1.3.29 Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.16 OpenSSL/0.9.7c DAV/1.0.3
OWNER  123.123.123.123  Linux  Apache/1.3.27 Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7b DAV/1.0.3
OWNER  123.123.123.123  Linux  Apache/1.3.27 Unix Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7b DAV/1.0.3
OWNER  123.123.123.123  Linux  Apache/1.3.27 Unix Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7a DAV/1.0.3
Does anyone know how to configure Apache not to give this information
out in its HTTP replies?
Thanks in advance
Darragh
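
To check the result after changing ServerTokens, each Server banner can be mapped to the ServerTokens level it is consistent with; the goal after the change is "Prod" (a bare "Apache") on every host. This is an added example, not part of either message above: the function names are hypothetical and the sample banners are constructed, modelled on the report in the question.

```python
import re

PRODUCT = re.compile(r"^[^/\s()]+/\d\S*$")        # e.g. PHP/5.0.4, mod_ssl/2.8.22
APACHE = re.compile(r"^Apache(?:/(\d[\w.]*))?$")  # "Apache" or "Apache/1.3.33"

def classify_banner(banner):
    """Map a Server header value to the ServerTokens level it is consistent with."""
    tokens = banner.split()
    m = APACHE.match(tokens[0]) if tokens else None
    if m is None:
        return {"level": "not-apache", "version": None, "os": "", "modules": []}
    version = m.group(1)
    modules = [t for t in tokens[1:] if PRODUCT.match(t)]
    # Anything that is not a name/version token belongs to the OS comment.
    # Report listings may drop the parentheses, so "Debian GNU/Linux" lands here too.
    os_words = " ".join(t.strip("()") for t in tokens[1:] if not PRODUCT.match(t))
    if modules:
        level = "Full"
    elif os_words:
        level = "OS"
    elif version is None:
        level = "Prod"
    else:
        # Apache/2 -> Major, Apache/2.0 -> Minor, Apache/2.0.54 -> Min
        level = {0: "Major", 1: "Minor"}.get(version.count("."), "Min")
    return {"level": level, "version": version, "os": os_words, "modules": modules}

def audit(banners):
    """Return (banner, level) for every banner that shows more than the product name."""
    results = [(b, classify_banner(b)["level"]) for b in banners]
    return [(b, lvl) for b, lvl in results if lvl not in ("Prod", "not-apache")]

# Constructed sample banners (not captured from any real host).
SAMPLE_BANNERS = [
    "Apache",
    "Apache/2.0.54",
    "Apache/2.0.54 (Ubuntu)",
    "Apache/2.0.54 (Ubuntu) PHP/5.0.5-2ubuntu1 mod_ssl/2.0.54 OpenSSL/0.9.7g",
    "Apache/1.3.33 Debian GNU/Linux PHP/5.0.4 mod_gzip/1.3.26.1a",
]

if __name__ == "__main__":
    for banner, level in audit(SAMPLE_BANNERS):
        info = classify_banner(banner)
        print(f"{level:5} httpd={info['version']} os={info['os']!r} "
              f"modules={info['modules']}")
```
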