Author: Yiming Gong
http://security.zz.ha.cn

By default, Apache echoes its version number to the client. You can test this as follows: on the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request.
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>
We can see that the Apache version number is shown above (:) I have hidden the real version). That is not great; can it be changed?
The answer is yes!
Edit Apache's configuration file, find the ServerTokens and ServerSignature directives, and change their default settings as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After making the change, restart Apache and look again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
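As an added example that is not part of the original post, here is a small Python check an administrator can run over a captured raw response to confirm that both leak points are closed: the Server response header, which ServerTokens controls, and the <address> footer, which ServerSignature controls. Note that the nc transcript above sends a request line with no HTTP version, so Apache answers in HTTP/0.9 style with no header block at all; in that case the version can only appear in the footer, which is why the check treats the two locations independently. The sample responses below are constructed for this example (made-up version string and date), not captured from a real host.

```python
import re

# A product token that carries a version, e.g. "Apache/2.4.41".
# A bare "Apache" (what ServerTokens Prod sends) does not match.
VERSION_TOKEN = re.compile(r"\b[A-Za-z][\w.-]*/\d[\w.-]*")


def parse_response(raw):
    """Split a raw HTTP response into status line, header dict and body.

    A response with no header block (what Apache sends to an HTTP/0.9 style
    request such as 'get index.lakdsjf') is returned as body only.
    """
    text = raw.decode("iso-8859-1")
    head, sep, body = text.partition("\r\n\r\n")
    if not sep or not head.startswith("HTTP/"):
        return {"status": None, "headers": {}, "body": text}
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"status": lines[0], "headers": headers, "body": body}


def check_version_disclosure(raw):
    """Report whether the Server header or the <address> footer leaks a version.

    'header_leaks_version' reflects ServerTokens; 'signature_leaks_version'
    reflects ServerSignature. 'hardened' is True only when neither leaks.
    """
    resp = parse_response(raw)
    server = resp["headers"].get("server")
    m = re.search(r"<address>(.*?)</address>", resp["body"], re.S | re.I)
    signature = m.group(1).strip() if m else None
    header_leak = bool(server and VERSION_TOKEN.search(server))
    signature_leak = bool(signature and VERSION_TOKEN.search(signature))
    return {
        "server_header": server,
        "signature": signature,
        "header_leaks_version": header_leak,
        "signature_leaks_version": signature_leak,
        "hardened": not (header_leak or signature_leak),
    }


# Constructed sample responses (version string and date are invented).
BEFORE = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Unix)\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><head><title>400 Bad Request</title></head><body>\n"
    b"<h1>Bad Request</h1>\n<hr />\n"
    b"<address>Apache/2.4.41 (Unix) Server at security.zz.ha.cn Port 80</address>\n"
    b"</body></html>\n"
)

# Same request after ServerTokens Prod and ServerSignature Off.
AFTER = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><head><title>400 Bad Request</title></head><body>\n"
    b"<h1>Bad Request</h1>\n"
    b"</body></html>\n"
)

# Body-only reply to an HTTP/0.9 style request, like the nc transcript.
HTTP09_BEFORE = (
    b"<html><head><title>400 Bad Request</title></head><body>\n"
    b"<h1>Bad Request</h1>\n<hr />\n"
    b"<address>Apache/2.4.41 Server at security.zz.ha.cn Port 80</address>\n"
    b"</body></html>\n"
)


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER), ("http/0.9 before", HTTP09_BEFORE)):
        print(label, check_version_disclosure(sample))
```

Feed it whatever nc or a raw socket captured from your own server; if "hardened" comes back False, the dict tells you which of the two directives still needs attention.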