|
作者:Yiming Gong7 n$ J+ u6 V9 V( j4 |$ S
http://security.zz.ha.cn
* a8 Z9 m/ K8 y$ @+ q( J+ k9 @. B默认情况下apache是会给client端回显版本号码的,可以测试如下,在client端使用nc联接起着apache的目的主机80端口,发送错误的get请求
# L2 O* {: N% {# tyiming# nc security.zz.ha.cn 80
# P" _1 q, M: @5 m) ^& U- |get index.lakdsjf. V o' z0 J% y0 K2 O* Q% o
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
Y1 g+ n; p* o' j" D6 A5 E<html><head>* P; `4 q# {3 Q$ ]8 E9 `7 L
<title>400 Bad Request</title>/ o& g0 z9 R" X& [ A
</head><body>
6 r E1 N2 f: ?2 R7 ~+ E<h1>Bad Request</h1>2 Z* P" `/ `% M
<p>Your browser sent a request that this server could not understand.<br />) }, ~ t5 e. Y) B( b
</p>, _) _. N0 i: V: q
<hr />- ^$ W9 \% Y4 F2 t" R+ l2 z
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address># w4 m, r0 C$ L- `
</body></html>
8 f" p, m/ w* L8 w. @8 Q/ U! F* k$ p
我们看到上面显示了apache的版本号(:) 俺隐去了真实版本),这可不太好,能修改一下么?" B' u# f: E4 g& T% z
答案是肯定的!) z* C' w: r. D, J
改动apache的配置文件,找到ServerTokens和ServerSignature两个directive,修改默认属性:4 x4 @# i8 i' I
如下
2 R' d* {: B- s9 @# and compiled in modules.' o; b7 d, x2 c+ y
#
& |. \# m+ x" i f0 M* [. V- Y# ServerTokens
- _: _7 D8 S i. |5 _* @ L3 ^" @9 ~# This directive configures what you return as the Server HTTP response0 G2 Y" ]9 h" x& A
# Header. The default is 'Full' which sends information about the OS-Type r, f# _' N, X5 F& V
# and compiled in modules.
6 z$ Y" }0 X5 \+ n+ H# Set to one of: Full | OS | Minor | Minimal | Major | Prod
& Y W# y1 H4 m q+ s; j# I9 d# where Full conveys the most information, and Prod the least.2 U% k4 I5 l8 r# H
#
- @4 N; D5 u. b/ C4 G#ServerTokens Full0 M$ E& o, l! j, Q% \8 S
ServerTokens Prod
+ _1 k6 [5 D! o1 ?! H+ i& d- j& h#7 { e$ O. \( y* x7 ?
# Optionally add a line containing the server version and virtual host
3 e) @5 C# V2 a) t( l" C0 q# name to server-generated pages (internal error documents, FTP directory" M. u& B8 s0 J& C) I1 V) t
# listings, mod_status and mod_info output etc., but not CGI generated
5 v) f4 B- ^' _7 f# D6 i# documents or custom error documents).6 t# `! G# C }% t) `4 C
# Set to "EMail" to also include a mailt link to the ServerAdmin.
! q7 b$ V! K1 w6 {& _. `" v. t# Set to one of: On | Off | EMail
8 `2 A7 @- s" q- o [#- g, R6 Q7 ?& t1 x
ServerSignature On
- L! X1 f! z+ b7 W- dServerSignature Off
3 c6 u& G8 B2 }' M( P% b修改后重起apache,再看看, 9 f3 W5 X( D* ] w
yiming# nc security.zz.ha.cn 80! J$ r1 W& I7 @' |
get index.lakdsjf
5 A. M# l; x+ C. n! u" f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
6 B1 ^4 A: |/ V% k6 i; m' x; Q9 g! M) |<html><head>) G8 _+ w Q k9 {% R% b! p
<title>400 Bad Request</title>/ h# r* M, j' p. o1 H
</head><body># G! `2 N& B. B. w: E; |( A
<h1>Bad Request</h1>
6 W7 q1 ? E6 E* Q/ |3 p) P# \. H<p>Your browser sent a request that this server could not understand.<br />& l' ]: p& s# M0 k
</p>
2 }) L: q1 J) O) O: P" K8 {</body></html>
! M5 v% a9 e) w4 |' N
$ d5 \2 k }! ~) R+ h% f
| 
IP卡
狗仔卡
发表于 2004-10-5 18:21
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
