WebApp Sec mailing list archives
Re: About web server version
From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: 28 Apr 2003 08:02:15 -0700
On Apache 1.3.27: Edit "httpd.h" located in "apache_dir/src/include/" Find the following lines and edit them to whatever you want. #define SERVER_BASEVENDOR "Apache Group" #define SERVER_BASEPRODUCT "Apache" #define SERVER_BASEREVISION "1.3.27" Recompile and reinstall apache. However, the effectiveness of this technique to prevent people from attacking your web server, I would have to agree with Kurt. Many attacks by automated scripts are purely shotgun approaches, not caring what web server your running. However, there are times when limiting the amount of information disclosed by your system in a good idea. All depends on the level of security you feel you need. Regards, Jeremiah- On Sat, 2003-04-26 at 02:17, ystar m wrote:
Hi everybody, i would like to know if it is possible to modify information returned by web server (apache) about version, type : apache I have found the solution to hide the version by adding this rule to the httpd.conf : ServerTokens Prod But I would like that this information also not returned to a malicious user that try to collect information about the web server Best regards
Current thread:
- About web server version ystar m (Apr 26)
- Re: About web server version Kurt Seifried (Apr 26)
- Re: About web server version Jeremiah Grossman (Apr 28)
- <Possible follow-ups>
- Re: About web server version ystar m (Apr 28)