allan
07-07-03, 02:33 AM
How many of you use Apache's ServerTokens to mask the version of Apache running on your webserver?
If you don't know, you can enter the line:
ServerTokens Prod
In your httpd.conf file, and Apache will return "Apache" in its header information -- rather than "Apache Version Number Modules, Etc".
It's an obscurity thing, but it may not be a bad idea to implement it?
Ditto PHP, you can switch the tag expose_php to off:
expose_php = Off
To prevent it from showing up in your header.
I'm not really sure that these are useful tips, and they certainly wouldn't stop a skilled attacker, but they might slow down a script kiddie using automated tools.
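
Added example, not part of the original post: a small Python check that parses a response's headers and reports whether the Server and X-Powered-By headers still disclose version information, which is how you would confirm that ServerTokens Prod and expose_php = Off took effect. The two sample responses and their version numbers are constructed for illustration, and the function names are hypothetical.

```python
import re

# Matches product/version tokens such as "Apache/2.0.46" or "PHP/4.3.2".
VERSION_RE = re.compile(r"[A-Za-z_\-]+/\d[\w.\-]*")

# Constructed sample responses (not captured from a real server).
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Server: Apache/2.0.46 (Unix) PHP/4.3.2\r\n"
          "X-Powered-By: PHP/4.3.2\r\n"
          "Content-Type: text/html\r\n\r\n")
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Server: Apache\r\n"
         "Content-Type: text/html\r\n\r\n")

def parse_headers(raw):
    """Parse a raw HTTP response head into {lower-cased name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:       # skip the status line
        if not line.strip():
            break                            # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return findings about version disclosure in the response headers."""
    headers = parse_headers(raw)
    findings = []
    tokens = VERSION_RE.findall(headers.get("server", ""))
    if tokens:
        findings.append("Server discloses " + ", ".join(tokens)
                        + " -> set ServerTokens Prod")
    if "x-powered-by" in headers:
        findings.append("X-Powered-By: " + headers["x-powered-by"]
                        + " -> set expose_php = Off")
    return findings

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "no version disclosure found")
```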