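How to stop your Apache from revealing its version
<P>Author: Yiming Gong http://security.zz.ha.cn </P>
<P>By default, Apache reports its version number to clients. You can test this as follows: from a client, use nc to connect to port 80 of the target host running Apache and send a malformed GET request.</P>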
<P>yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html></P>
<P>
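As you can see, the output above shows the Apache version number (:) I have hidden the real version). That is not good. Can it be changed?
The answer is yes!
Edit the Apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default values
as follows:</P>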
<P>#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod</P>
<P>#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off</P>
<P>After making the change, restart Apache and check again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html></P>
<P>:)
</P>
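<P>The before/after check above can be scripted. The following is an added example, not part of the original article: it inspects both places the two directives control, the Server response header (ServerTokens) and the &lt;address&gt; footer on error pages (ServerSignature). The function name check_banner, the sample version 2.4.99 and the host www.example.test are assumptions made up for the illustration.</P>

```shell
#!/bin/sh
# Added example: report Apache version disclosure in a raw HTTP response.
# Reads the response on stdin, prints one finding per line (or "OK"),
# and returns non-zero when anything is disclosed.
check_banner() {
    resp=$(tr -d '\r')
    status=0
    # Parse headers only when a status line is present; the malformed
    # request shown in the article gets a bare HTML body with no headers.
    case $resp in
    HTTP/*)
        server=$(printf '%s\n' "$resp" |
            sed -n -e '/^$/q' -e 's/^[Ss]erver:[[:space:]]*//p' | head -n 1)
        # ServerTokens Prod still sends "Server: Apache"; digits or "("
        # mean version, OS or module details are still being sent.
        case $server in
        *[0-9]*|*'('*) echo "server-header: $server"; status=1 ;;
        esac ;;
    esac
    # ServerSignature On/EMail appends an <address> footer to error pages.
    sig=$(printf '%s\n' "$resp" |
        sed -n 's/.*<address>\(.*Server at .*\)<\/address>.*/\1/p' | head -n 1)
    if [ -n "$sig" ]; then
        echo "signature: $sig"; status=1
    fi
    [ "$status" -eq 0 ] && echo "OK"
    return "$status"
}

# Constructed sample responses (version, host and headers are made up).
before='HTTP/1.1 400 Bad Request
Server: Apache/2.4.99 (Unix)
Content-Type: text/html

<address>Apache/2.4.99 (Unix) Server at www.example.test Port 80</address>'
after='HTTP/1.1 400 Bad Request
Server: Apache
Content-Type: text/html

<h1>Bad Request</h1>'

printf '%s\n' "$before" | check_banner || true
printf '%s\n' "$after" | check_banner || true
```

<P>To check your own server after a configuration change, pipe the output of the nc test shown above into check_banner; a footer that still reads "Apache Server at ..." means ServerSignature is still on even though ServerTokens is Prod.</P>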