Welcome guest, is this your first visit? Click the "Create Account" button now to join.
Results 1 to 1 of 1

Thread: Removing system and version information from apache webserver

  
Bookmark and Share
  1. #1

    Default Removing system and version information from apache webserver

    Many times when we get a 404 or any other errors from apache web server we have seen that the error includes which web server it is running, which version it is and what OS the website is running on. This information will invite a lot of attention to "Some" people who would seek for open doors to attack the websites or servers.


    So we have to stop providing these information in case of errors etc. How this can be done? We can do this easily by tweaking two variables in the apache web server configuration file.

    ServerTokens and ServerSignature. From the apache documentation,

    ServerTokens: This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.

    ServerSignature : The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents (error messages, mod_proxy ftp directory listings, mod_info output, ...)

    This is the error we were betting before the changes:

    Not Found
    The requested URL /hh was not found on this server.
    Apache/2.2.3 (CentOS) Server at Dear member\guest you have to reply to see the link Port 80

    Now, we will change the following parameters and restart apache web server.

    Code:
      vim /etc/httpd/conf/httpd.conf
    
        #ServerTokens OS
        ServerTokens Prod
    
        #ServerSignature On
        ServerSignature Off
    
        /etc/init.d/httpd restart
    Now we will be getting like this:
    Not Found
    The requested URL /hh was not found on this server.

    Thats it. Now try yourself. :)
    Last edited by kuldeep; 02-21-2015 at 03:32 AM.

  2. # ADS
    Circuit advertisement
    Join Date
    Always
    Posts
    Many
     

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •