Author: Yiming Gong
http://security.zz.ha.cn

By default, Apache echoes its version number back to the client. You can test this as follows: on the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>

As we can see, the Apache version number is shown above (:) I've hidden the real version). That's not ideal; can it be changed?
The answer is yes!
Edit the Apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default settings as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After making the changes, restart Apache and check again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
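As an added example (not part of Yiming Gong's post), the following Python script checks both sides of this hardening: it parses an httpd.conf fragment for the effective ServerTokens and ServerSignature values, and inspects a 400 response for version leakage using the same malformed request as the nc session above. The config fragments, responses and host name in it are constructed samples, and probe() is meant to be pointed at a server you administer.

```python
import re
import socket

# Constructed sample config fragments and 400 responses; not captured from the post's server.
LEAKY_CONF = "ServerTokens Full\nServerSignature On\n"
HARDENED_CONF = "#ServerTokens Full\nServerTokens Prod\n#ServerSignature On\nServerSignature Off\n"
LEAKY_RESPONSE = ("HTTP/1.1 400 Bad Request\r\nServer: Apache/2.4.57 (Unix)\r\n\r\n<html><body><h1>Bad Request"
                  "</h1><hr /><address>Apache/2.4.57 (Unix) Server at www.example Port 80</address></body></html>")
HARDENED_RESPONSE = ("HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n"
                     "<html><body><h1>Bad Request</h1></body></html>")
VERSION_RE = re.compile(r"Apache/\d+(?:\.\d+)+")   # "Apache/2.4.57" matches, bare "Apache" does not

def effective_directives(conf_text):
    """Return the last uncommented ServerTokens/ServerSignature values (a later line overrides)."""
    found = {"servertokens": None, "serversignature": None}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in found:   # "#ServerTokens ..." never matches
            found[parts[0].lower()] = parts[1].strip()
    return found

def config_findings(conf_text):
    """List what a hardening check would flag; empty means the config matches the post's settings."""
    d = effective_directives(conf_text)
    tokens = (d["servertokens"] or "Full").lower()         # Apache's built-in default is Full
    signature = (d["serversignature"] or "Off").lower()    # Apache's built-in default is Off
    problems = []
    if tokens != "prod":
        problems.append("ServerTokens is %s, expected Prod" % tokens)
    if signature != "off":
        problems.append("ServerSignature is %s, expected Off" % signature)
    return problems

def leaks_version(raw):
    """True if the Server header or a ServerSignature footer in the body reveals an Apache version."""
    if raw.startswith("HTTP/"):
        head, _, body = raw.partition("\r\n\r\n")
    else:                        # HTTP/0.9-style reply, as in the nc session: body only, no headers
        head, body = "", raw
    for line in head.split("\r\n"):
        if line.lower().startswith("server:") and VERSION_RE.search(line):
            return True
    return bool(re.search(r"<address>[^<]*Apache/\d", body))

def probe(host, port=80, timeout=5):
    """Send the post's malformed request to a server you administer and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"get index.lakdsjf\r\n\r\n")
        return b"".join(iter(lambda: sock.recv(4096), b"")).decode("latin-1")
```

Run config_findings() on the live httpd.conf and leaks_version(probe(host)) on the running server; both should come back empty/False after the change and the restart.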