Bugtraq mailing list archives
RE: easy remote detection of a running tripwire for webpages syst em
From: Jonathan Sartin <jonathan.sartin () rubus com>
Date: Wed, 29 Aug 2001 09:27:11 +0100
You need to set the ServerTokens directive in httpd.conf to reveal only those things that you feel appropriate about the server. Options are: min - will return the product and version (i.e. Apache/1.3.0) os - will return product version and operating system. full - will return everything, including the installed modules (as you noted, and probably a bad thing). product_only - will return just the product (i.e. Apache) default seems to be full. Examples: ServerTokens Prod[uctOnly] Server sends (e.g.): Server: Apache ServerTokens Min[imal] Server sends (e.g.): Server: Apache/1.3.0 ServerTokens OS Server sends (e.g.): Server: Apache/1.3.0 (Unix) ServerTokens Full (or not specified) Server sends (e.g.): Server: Apache/1.3.0 (Unix) PHP/3.0 MyMod/1.2 Note that this works on the server config level and therefore cannot be set for individual virtualhosts. Cheers .... J
Current thread:
- RE: easy remote detection of a running tripwire for webpages syst em Jonathan Sartin (Aug 30)
- RE: easy remote detection of a running tripwire for webpages syst em Jordan K Wiens (Aug 31)
- RE: easy remote detection of a running tripwire for webpages syst em Fernando Cardoso (Aug 31)
- Re: easy remote detection of a running tripwire for webpages syst em Johnny Cyberpunk (Aug 31)
- RE: easy remote detection of a running tripwire for webpages syst em Jordan K Wiens (Aug 31)