Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I did a small check of my server, and didnt like what I found!
The one thing that REALLY stands out is the version number. But I'd like to see the hole line go. So here are my Q's
1 How can I hide the server info!
2 Besides the browser side effects (I assume). Are there more to think of?
HTTP/1.1 400 Bad Request
Date: Sat, 15 Jan 2005 17:11:16 GMT Server: Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
The request line contained invalid characters following the protocol string.<P>
<P>
<HR>
<ADDRESS>Apache/1.3.26 Server at example.com Port 80</ADDRESS>
</BODY></HTML>
#--------------------------------------------------------------------#
# ServerTokens This directive configures what you return as the
# Server HTTP response Header. The default is 'Full' which sends
# information about the OS-Type and compiled in modules. Set to one
# of: Full | OS | Minor | Minimal | Major | Prod where Full conveys
# the most information, and Prod the least.
I was just thinking about that today actually... I read an article a while ago (or maybe a post) saying you can change the string at compile time in one of the header files (*.h) in the src/ directory. I cant remember which one, you could try grepping for it. I think it would be funny to change the name to a different Apache version to throw off would-be hackers quite a bit.
My thoughts exactly. Or maybe have it report IIS! lol
Now, the only problem is; what is compiling? lol
I guess I have to postpone this untill I got me some more knowledge. And it looks like compiling is heading up on my list.
its not that hard, theres plenty of sites that give you step by step instructions on the compile process, and usually how to do it for each individual projects
Well, if you look at the first post you see that Apache gives it self away both at the top and the bottom. The top one is ok. But the bottom one will not change with the ServerToken.
BTW Just tested "Off" didnt work on 1.3.
Ah...crap. Didnt read your post fully. I'll check the ServerSignature
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Tryed to hack your own server lately?
