Re: Removing Apache Banner on IBM Websphere HTTP Server (Apache) for Windows

[Ivan Ristic <ivanr () webkreator com>]

Jason binger wrote:
> Is there a method for removing the HTTP Banner on IBM
> Websphere HTTP Server (Apache) for Windows? (Server:
> IBM_HTTP_SERVER/1.3.28  Apache/1.3.28)

  mod_security should work. Or, if you have the access to
  the source code of the web server you can change it there.


> Can a change be made to the httpd.conf ? Is this
> likely to impact the functioning of the app at all?

  Not likely. I seem to remember that changing the
  name (or was that the version) of the server in the
  source code can cause problems, because there are
  #ifdefs or similar relying on it.


> Has anyone run the Win32 version of mod_security with
> this package?

  I've heard from people using it, but that's it. No one
  complained as of yet.


> What are the options people configure
> with this module?

  I never thought mod_security is very useful by
  default. You need to want some of its features,
  and turn them on to benefit. For example, if you
  have an app for which you know is vulnerable you
  can use mod_security to close that hole without
  touching the app (which sometimes you can't do).

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]