środa, 12 grudnia 2007

Apache Server Token changing

My friend (xoff) showed me his trick about ServerToken changing. It looks nice, and can be a little bit more secure (for sure it kills the robots) than line simply showed by my apache server:
Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7.........

Can be limited by changing in your apache.conf:
ServerTokens Full

ServerTokens Prod

note that if no option is set the default is Full (read more at apache documentation)

But if you really want to have somethins different, just use mod_security module, and add
SecServerSignature "someCOOLapacheName v1."

note that you have to set ServerTokens to Full option to see the effects of SecServerSignature.

0 komentarze: