Author: Yiming Gong
http://security.zz.ha.cn

By default, Apache echoes its version number back to the client. You can test this as follows: on the client, use nc to connect to port 80 on the target host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>
We can see that the output above reveals the Apache version number (:) I've hidden the real version). That is not ideal; can it be changed?
The answer is yes!
Edit the Apache configuration file, find the ServerTokens and ServerSignature directives, and change their default settings as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After making the change, restart Apache and check again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
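As an added example (not part of the original post), a small Python check of the two things this post changes: which ServerTokens and ServerSignature values are actually in effect in an httpd.conf fragment (Apache applies the last uncommented occurrence), and whether a raw 400 response still carries a version in the Server header or in the <address> signature line. The conf text and both responses are constructed here, modelled on the nc sessions above; the hostname and the x.y.z version are placeholders.

```python
import re

# Constructed conf fragment: default lines commented out, hardened values active.
SAMPLE_CONF = """
#ServerTokens Full
ServerTokens Prod

#ServerSignature On
ServerSignature Off
"""

# Constructed responses modelled on the two sessions above (x.y.z is a placeholder).
LEAKY_RESPONSE = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache/x.y.z (Unix)\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Bad Request</h1><hr />"
    "<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>"
    "</body></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Bad Request</h1></body></html>"
)


def effective_directives(conf: str) -> dict:
    """Return the effective ServerTokens/ServerSignature values from a conf text.

    Lines starting with '#' are comments; when a directive appears more than once
    the last one wins. None means the directive is not set at all.
    """
    values = {"ServerTokens": None, "ServerSignature": None}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in values:
            values[parts[0]] = parts[1].strip()
    return values


def version_disclosed(response: str) -> dict:
    """Flag a version in the Server header and a signature line in the body."""
    head, _, body = response.partition("\r\n\r\n")
    server = ""
    for hdr in head.split("\r\n")[1:]:          # skip the status line
        name, _, val = hdr.partition(":")
        if name.strip().lower() == "server":
            server = val.strip()
    # 'Apache/<something>' carries a version; bare 'Apache' (ServerTokens Prod) does not
    return {
        "server_header": re.search(r"Apache/\S+", server) is not None,
        "signature": re.search(r"<address>.*?</address>", body, re.S) is not None,
    }
```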