数学建模社区-数学中国

Title: How to stop your Apache from echoing its version

Author: 韩冰    Time: 2004-10-5 18:21

Author: Yiming Gong
http://security.zz.ha.cn

By default, Apache echoes its version number back to the client. You can test this as follows: on the client, use nc to connect to port 80 of the target host running Apache and send a malformed GET request.

yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>

As we can see, the output above shows the Apache version number (:) I have hidden the real version). That is not great. Can it be changed?
The answer is yes!
Edit the Apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default values as follows:

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
#ServerSignature On
ServerSignature Off

After the change, restart Apache and take another look:

yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
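The nc test above only shows the error page body, while ServerTokens controls the Server response header, so a check after the change should look at both places. The following is an added example, not part of the original post: a small Python checker that inspects a raw HTTP reply for a versioned Server header and a ServerSignature footer. The sample replies are constructed, and www.example.test is a placeholder host.

```python
import re

# Versioned product token such as "Apache/2.0.52"; also matches the
# redacted "Apache/x.y.z" form used in the post.
VERSIONED = re.compile(r"Apache/[\w.]+", re.I)
ADDRESS = re.compile(r"<address>(.*?)</address>", re.I | re.S)

def find_version_leaks(raw: bytes) -> list:
    """Return one finding per place a raw HTTP reply discloses the server."""
    text = raw.decode("iso-8859-1")
    head, _, body = text.partition("\r\n\r\n")
    if not head.startswith("HTTP/"):   # body-only reply, as in the nc session
        head, body = "", text
    findings = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server" and VERSIONED.search(value):
            findings.append("Server header: " + value.strip())
    for sig in ADDRESS.findall(body):            # ServerSignature footer
        if "Server at" in sig:
            findings.append("ServerSignature footer: " + " ".join(sig.split()))
    return findings

# Constructed sample replies (www.example.test is a placeholder host).
ERROR_PAGE = (b"<html><head>\n<title>400 Bad Request</title>\n</head><body>\n"
              b"<h1>Bad Request</h1>\n%s</body></html>\n")
FOOTER = b"<hr />\n<address>Apache/x.y.z Server at www.example.test Port 80</address>\n"
BEFORE = (b"HTTP/1.1 400 Bad Request\r\nServer: Apache/x.y.z (Unix)\r\n"
          b"Content-Type: text/html\r\n\r\n" + ERROR_PAGE % FOOTER)
AFTER = (b"HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n"
         b"Content-Type: text/html\r\n\r\n" + ERROR_PAGE % b"")
BODY_ONLY = ERROR_PAGE % FOOTER

if __name__ == "__main__":
    for label, reply in (("before", BEFORE), ("after", AFTER), ("body only", BODY_ONLY)):
        print(label, find_version_leaks(reply) or "no version disclosed")
```

A reply captured with nc, as in the sessions above, can be passed to find_version_leaks as bytes.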





