Mathematical Modeling Community - Math China (数学建模社区-数学中国)

Title: How to stop your Apache from echoing its version

Author: 韩冰    Time: 2004-10-5 18:21

Author: Yiming Gong http://security.zz.ha.cn

By default, Apache echoes its version number back to the client. You can test this as follows: from the client, use nc to connect to port 80 of the target host running Apache and send a malformed GET request.

yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>

As we can see, the output above shows the Apache version number (:) I have hidden the real version). That is not so good. Can it be changed?

The answer is yes!

Edit the Apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default values as follows:

# and compiled in modules.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
#ServerSignature On
ServerSignature Off

After making the changes, restart Apache and look again:

yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
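The nc test above sends a request with no HTTP version, so the reply carries no headers and only the ServerSignature footer is visible; the `Server:` response header controlled by ServerTokens needs its own check. The following is an added example, not part of the original post: the function name, the version `2.4.99`, `mod_example` and `www.example.test` are constructed for illustration.

```python
import re

# Constructed sample reply with headers (version and module names are made up).
BEFORE = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache/2.4.99 (Unix) mod_example/1.0\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<h1>Bad Request</h1>\n<hr />\n"
    "<address>Apache/2.4.99 Server at www.example.test Port 80</address>\n"
)
# Constructed reply after ServerTokens Prod + ServerSignature Off.
AFTER = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<h1>Bad Request</h1>\n"
)
# Header-less reply body, as in the page's first nc session.
PAGE_BODY = (
    "<hr />\n"
    "<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>\n"
)

VERSION = re.compile(r"[A-Za-z_]+/\d+(?:\.\d+)*")  # product/version token


def banner_leaks(raw):
    """Return (location, text) pairs where the reply identifies the server."""
    if raw.startswith("HTTP/"):
        head, _, body = raw.partition("\r\n\r\n")
    else:
        head, body = "", raw  # no status line: body only
    leaks = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server" and VERSION.search(value):
            leaks.append(("Server header (ServerTokens)", value.strip()))
    for sig in re.findall(r"<address>(.*?)</address>", body, re.S | re.I):
        leaks.append(("error-page footer (ServerSignature)", sig.strip()))
    return leaks


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("page", PAGE_BODY)):
        print(label, banner_leaks(raw))
```

With `ServerTokens Prod` the header still reads `Server: Apache`, so the product name remains visible; only the version, OS and module details are dropped.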





