Bugtraq mailing list archives
RE: easy remote detection of a running tripwire for webpages syst em
From: Jonathan Sartin <jonathan.sartin () rubus com>
Date: Wed, 29 Aug 2001 09:27:11 +0100
You need to set the ServerTokens directive in httpd.conf to reveal only
those things that you feel appropriate about the server.
Options are:
min - will return the product and version (i.e. Apache/1.3.0)
os - will return product version and operating system.
full - will return everything, including the installed modules (as you
noted, and probably a bad thing).
product_only - will return just the product (i.e. Apache)
default seems to be full.
Examples:
ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/1.3.0
ServerTokens OS
Server sends (e.g.): Server: Apache/1.3.0 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/1.3.0 (Unix) PHP/3.0 MyMod/1.2
Note that this works on the server config level and therefore cannot be set
for individual virtualhosts.
Cheers .... J
Current thread:
- RE: easy remote detection of a running tripwire for webpages syst em Jonathan Sartin (Aug 30)
- RE: easy remote detection of a running tripwire for webpages syst em Jordan K Wiens (Aug 31)
- RE: easy remote detection of a running tripwire for webpages syst em Fernando Cardoso (Aug 31)
- Re: easy remote detection of a running tripwire for webpages syst em Johnny Cyberpunk (Aug 31)
- RE: easy remote detection of a running tripwire for webpages syst em Jordan K Wiens (Aug 31)