Strony

środa, 12 grudnia 2007

Apache Server Token changing

My friend (xoff) showed me his trick about ServerToken changing. It looks nice, and can be a little bit more secure (for sure it kills the robots) than line simply showed by my apache server:
Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7.........

Can be limited by changing in your apache.conf:
ServerTokens Full

to:
ServerTokens Prod

note that if no option is set the default is Full (read more at apache documentation)

But if you really want to have somethins different, just use mod_security module, and add
SecServerSignature "someCOOLapacheName v1.1.1.1.1.1.0"

note that you have to set ServerTokens to Full option to see the effects of SecServerSignature.



0 komentarze: