LinuxQuestions.org


balamuruganpalani 01-18-2013 07:25 AM

How to edit Apache server banner in AIX 7.1
 
Dear Experts,

1. I have installed Apache version 2.2.22 for the web interface on an AIX 7.1 server.
2. I am using Apache for request routing using rewrite rules (mod writers).
3. In 2008 my colleague compiled Apache with OpenSSL version OpenSSL/0.9.8k.
4. This version has security threats, and hence the info sec team advised updating OpenSSL to a new version.
5. But now my Apache architecture is not using OpenSSL, so I have removed OpenSSL from the server and recompiled Apache with the latest version, 2.2.22.

Still, when an HTTP request hits the server, it shows the banner "Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8k"
-------------------------------------------------
hulstms> telnet inpartnerdev.u.com 80
Trying...
Connected to inpartnerdev.u.com.
Escape character is '^]'.

GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Thu, 17 Jan 2013 11:58:02 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8k
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Connection closed.


Desired Output :-

hulstms> telnet inpartnerdev.u.com 80
Trying...
Connected to inpartnerdev.u.com.
Escape character is '^]'.

GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Thu, 17 Jan 2013 11:58:02 GMT
Server: Apache/2.2.22 (Unix)
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Connection closed.


Only because of this, the security team is marking the audit red.
Do you know the location of this banner file, where I can manually edit it?

Regards
Bala

thesnow 01-18-2013 07:53 AM

I am unsure precisely where the file will be in AIX, but in Ubuntu/Mint there is a file at /etc/apache2/conf.d/security that has a directive ServerTokens. Change to your liking and restart Apache. 'Minimal' appears to be what you're after. 'Prod' will return only "Apache".

Code:

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Minimal
#ServerTokens OS
#ServerTokens Full
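
An added example (not part of any post in this thread): a small Python check that reads the Server header from a captured response and reports which ServerTokens level the banner corresponds to and which module tokens it still discloses. The function names are made up for this example; the banner layout per level follows the Apache httpd documentation for ServerTokens, and the sample headers are the ones shown in the question.

```python
import re

# Layout of the Apache httpd product token: Apache[/version] [(OS)] [modules...]
_BANNER = re.compile(r"^Apache(?:/(?P<ver>\d+(?:\.\d+){0,2}))?"
                     r"(?:\s+\((?P<os>[^)]*)\))?(?P<extra>(?:\s+\S+)*)\s*$")

# Header blocks taken from the two responses in the thread (bodies omitted).
BEFORE = ("HTTP/1.1 400 Bad Request\r\n"
          "Date: Thu, 17 Jan 2013 11:58:02 GMT\r\n"
          "Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8k\r\n"
          "Connection: close\r\n\r\n")
AFTER = BEFORE.replace(" mod_ssl/2.2.22 OpenSSL/0.9.8k", "")

def server_header(raw_response):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def classify(banner):
    """Map a banner to (ServerTokens level, module tokens it discloses)."""
    m = _BANNER.match(banner or "")
    if not m:
        return ("unknown", [])                   # missing or non-Apache banner
    modules = m.group("extra").split()
    if modules:
        return ("Full", modules)                 # e.g. mod_ssl/..., OpenSSL/...
    if m.group("os"):
        return ("OS", [])                        # Full with no modules looks the same
    ver = m.group("ver")
    if ver is None:
        return ("Prod", [])
    return (["Major", "Minor", "Minimal"][ver.count(".")], [])

def audit(raw_response, allowed=("Prod", "Major", "Minor", "Minimal", "OS")):
    """Return (passed, level, leaked_module_tokens) for one response."""
    level, modules = classify(server_header(raw_response))
    return (level in allowed, level, modules)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```

With the thread's headers, the first response classifies as Full and the desired one as OS; `ServerTokens Minimal` would also drop the "(Unix)" part.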


NevemTeve 01-28-2013 08:33 AM

The solution (in theory) is quite easy:
Install OpenSsl-0.9.8x from source (or 1.0.0j or 1.0.1c).
Install Apache-2.2.23 from source (or 2.4.3)
Enjoy;)

