Security Basics mailing list archives
Re: securing linux webserver?
From: "AragonX" <aragonx () dcsnow com>
Date: Tue, 1 Mar 2005 20:07:38 -0500 (EST)
<quote who="Eduardo Kienetz">
Also, block the disclosure of application versions: Apache x.xx (i.e. when you try to access a page tat does not exist is shows: "Apache/1.3.xx Server at xxxxx.com Port 80")
For apache, change your /etc/httpd/conf/httpd.conf file. ServerTokens OS should be changed to ServerTokens Prod. Don't forget to hide Sendmail information also. I used this site: http://homepage.mac.com/felipe_alfaro/iblog/B1004527421/C406641880/E2004287443/
Current thread:
- securing linux webserver? Kurt Leum (Feb 28)
- Re: securing linux webserver? Alejandro Flores (Mar 01)
- Re: securing linux webserver? John Doe (Mar 01)
- Re: securing linux webserver? Aman Raheja (Mar 01)
- Re: securing linux webserver? Hamish Stanaway (Mar 03)
- Re: securing linux webserver? Eduardo Kienetz (Mar 01)
- Re: securing linux webserver? AragonX (Mar 02)
- Re: securing linux webserver? xyberpix (Mar 01)
- Re: securing linux webserver? Aman Raheja (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 01)
- Re: securing linux webserver? Marco (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 02)
- Re: securing linux webserver? David Glosser (Mar 03)
- <Possible follow-ups>
- Re: securing linux webserver? Ivan Coric (Mar 01)
- RE: securing linux webserver? Smith, Ryan (Mar 01)
- Re: securing linux webserver? Kurt Leum (Mar 02)