hi all,
I am running ubuntu 10.10 on my system.
I am trying to change the header of Apache2 Server using the mod_header. The objective is that no one should be able to retrieve the Apache banner, OS, etc, by telnetting into the system. I know the header can be totally taken off with the directive, but I would instead like to change it to something misleading rather than switch off the signature, so that the hacker is misled ?!?

I used the following command :-
I checked the links to the headers.load file has been added in the /etc/apache2/mods-enabled directory. Also the headers.load file is pointing to the correct file as under :-
I have included the following command in the /etc/apache2/apache2.conf file and expected it to set the server header to the string between the double quotes. But it didn't work !?!
Also let me know how to find out the status of the shared objects loaded by apache2 at any time. The /etc/apache2 -l command lists only the compiled modules and not the modules enabled using the a2enmod command.

Plz help me out. Thanks in advance
nishith

Hi,

You have an error (missed the header name "Server")
but it's not guaranteed it works (for my apache 2.2.19 it's not). If that's not working, you can use:
that will hide anything except "Server: Apache" in the headers.

If you want to remove or change "Apache" use mod_security to do this. Or change the AP_SERVER_BASEPRODUCT in ap_release.h and recompile apache.

BTW
should show the loaded modules

1 members found this post helpful.

Thanks a lot.
The headers module did not work as brought out by you.
I Tried out the mod_security2.so module and it worked nicely. The only thing to remember is use the

and ensure the following are set as under :-
If the above two directives are not set as shown the SecServerSignature directive won't work.

The best part is even Nmap could be spoofed as it reported the Apache2 as IIS server.

Thanks once again.
bye
nishith