Author: Yiming Gong
http://security.zz.ha.cn
By default Apache echoes its version number back to the client. You can test this as follows: from the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>
We can see that the Apache version number is shown above (:) I have blanked out the real version). That is not good; can it be changed?
The answer is yes!
Edit Apache's configuration file, find the two directives ServerTokens and ServerSignature, and change their default values as follows (ServerTokens controls the Server response header, ServerSignature controls the footer line on server-generated pages):
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After the change, restart Apache and look again. The <hr /> and the <address> footer line are gone:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
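As an added example (not part of the original post), here is a small Python script that does what the nc test above does and reads the result mechanically. It sends the same malformed request line but with an explicit HTTP/1.0 version, so Apache answers with a status line and headers as well as the error page (a bare "get index.lakdsjf" with no version is treated as an HTTP/0.9 request, which is why no headers appear in the output above). It then reports the Server header, the ServerTokens level that header implies, and whatever <address> signature the page carries. Two things worth knowing that the post does not spell out: ServerTokens also governs the Server header, not only the page footer, and even Prod still announces "Apache", so this hides the version but not the product. The two canned replies, the host name, the dates and the version strings are constructed for illustration.

```python
import re
import socket

# Constructed sample replies (host name, dates and version strings are made up).
# LEAKY: ServerTokens Full / ServerSignature On, answering a malformed request
# that carried an HTTP version, so the status line and headers come back too.
SAMPLE_LEAKY = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    b"Server: Apache/1.3.27 (Unix) PHP/4.3.1 mod_ssl/2.8.12 OpenSSL/0.9.6\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    b"<html><head>\n<title>400 Bad Request</title>\n</head><body>\n"
    b"<h1>Bad Request</h1>\n"
    b"<p>Your browser sent a request that this server could not understand.<br />\n</p>\n"
    b"<hr />\n<address>Apache/1.3.27 Server at security.zz.ha.cn Port 80</address>\n"
    b"</body></html>\n"
)
# HARDENED: the same server after ServerTokens Prod / ServerSignature Off.
SAMPLE_HARDENED = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    b"Server: Apache\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    b"<html><head>\n<title>400 Bad Request</title>\n</head><body>\n"
    b"<h1>Bad Request</h1>\n"
    b"<p>Your browser sent a request that this server could not understand.<br />\n</p>\n"
    b"</body></html>\n"
)


def split_response(raw):
    """Return (headers, body). An HTTP/0.9-style reply has no header block at all,
    which is what the bare 'get index.lakdsjf' request in the post gets back."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return {}, raw.decode("latin-1", "replace")
    headers = {}
    for line in head.decode("latin-1", "replace").split("\r\n")[1:]:  # skip status line
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return headers, body.decode("latin-1", "replace")


def tokens_level(server):
    """Infer the ServerTokens setting from the Server header's product token:
    Prod 'Apache', Major 'Apache/2', Minor 'Apache/2.4', Minimal 'Apache/2.4.41',
    OS 'Apache/2.4.41 (Unix)', Full adds module versions after the OS token."""
    if not server:
        return "none"
    first, _, rest = server.strip().partition(" ")
    m = re.fullmatch(r"Apache(?:/(\d+)(?:\.(\d+)(?:\.(\S+))?)?)?", first)
    if not m:
        return "unknown"
    major, minor, patch = m.groups()
    if major is None:
        return "Prod"
    if minor is None:
        return "Major"
    if patch is None:
        return "Minor"
    rest = rest.strip()
    if not rest:
        return "Minimal"
    return "OS" if re.fullmatch(r"\([^)]*\)", rest) else "Full"


def signature(body):
    """Pull the ServerSignature footer out of a server-generated error page."""
    m = re.search(r"<address>(.*?)</address>", body, re.S)
    return m.group(1).strip() if m else None


def audit(raw):
    """Summarise what a raw reply discloses about the Apache build."""
    headers, body = split_response(raw)
    server = headers.get("server", "")
    return {
        "server_header": server,
        "server_tokens": tokens_level(server),
        "signature": signature(body),
        "version_leaked": bool(re.search(r"Apache/\d", server + "\n" + body)),
    }


def probe(host, port=80, timeout=5.0):
    """Live equivalent of the nc test: a malformed request line with an explicit
    HTTP version so the server answers with headers as well as an error page."""
    request = b"get index.lakdsjf HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return audit(b"".join(chunks))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python audit_apache.py HOST [PORT] probes a live server
        print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 80))
    else:  # no arguments: run against the constructed samples
        for name, sample in (("leaky", SAMPLE_LEAKY), ("hardened", SAMPLE_HARDENED)):
            print(name, audit(sample))
```

Run it with no arguments to see the two constructed samples audited, or with a host name to repeat the nc check against a real server. Inferring the ServerTokens level from the product token is only a heuristic: an administrator can rewrite or remove the Server header with mod_headers or mod_security, and an attacker can still fingerprint the build from error-page wording, header order and module behaviour, so these directives reduce casual disclosure rather than hide the version from a determined scanner.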