Author: Yiming Gong
http://security.zz.ha.cn
By default Apache sends its version number back to the client. You can check this as follows: from the client, use nc to connect to port 80 on the host running Apache and send a malformed GET request.
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>

As you can see, the Apache version number shows up above (:) I've masked the real version). That isn't great; can it be changed?
The answer is yes!
Edit the Apache configuration file, find the ServerTokens and ServerSignature directives, and change their default settings as shown below. Keep in mind that this only trims what Apache volunteers about itself: with ServerTokens Prod the Server response header still reads "Apache", and the software can still be fingerprinted from its behaviour, so treat it as a small defence-in-depth measure rather than a substitute for keeping httpd patched.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After the change, restart Apache and check again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
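To make the before/after check repeatable, here is a small Python script (an added example, not code from the original post or from the Apache project) that parses a raw HTTP reply, pulls out the Server header and the ServerSignature <address> line, and flags whether either of them carries an Apache version. The sample responses, the host name www.example.invalid and the version strings in it are constructed for the example, not captured from security.zz.ha.cn. The live probe() sends a proper HTTP/1.0 request line for a path that does not exist, rather than the bare "get index.lakdsjf" used above, because a request line without an HTTP version is treated by Apache as HTTP/0.9 and answered with the body only; that is why no Server header appears in the transcripts above, and why the header check needs a real request line.

```python
import re
import socket

# Constructed sample responses (not captured from a real host). The first
# mimics Apache's defaults (ServerTokens Full, ServerSignature On), the second
# the hardened settings (ServerTokens Prod, ServerSignature Off). Host name,
# date and version strings are made up for the example.
LEAKY_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Mon, 01 Jan 2007 00:00:00 GMT\r\n"
    b"Server: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.8d PHP/5.2.0\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><head><title>404 Not Found</title></head><body>\n"
    b"<h1>Not Found</h1>\n<hr />\n"
    b"<address>Apache/2.0.59 (Unix) Server at www.example.invalid Port 80</address>\n"
    b"</body></html>\n"
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Mon, 01 Jan 2007 00:00:00 GMT\r\n"
    b"Server: Apache\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><head><title>404 Not Found</title></head><body>\n"
    b"<h1>Not Found</h1>\n"
    b"</body></html>\n"
)

# What the bare "get index.lakdsjf" request in the post gets back: Apache
# treats a request line without an HTTP version as HTTP/0.9 and answers with
# the body only, so there is no Server header to inspect (constructed sample).
BODY_ONLY_RESPONSE = (
    b"<html><head><title>400 Bad Request</title></head><body>\n"
    b"<h1>Bad Request</h1>\n<hr />\n"
    b"<address>Apache/2.0.59 Server at www.example.invalid Port 80</address>\n"
    b"</body></html>\n"
)

# "Apache" alone (ServerTokens Prod) does not match; "Apache/2" (Major) does.
VERSION_RE = re.compile(r"Apache/\d+(?:\.\d+)*")


def split_response(raw):
    """Split a raw reply into (status line, header dict, body).

    A body-only (HTTP/0.9 style) reply has no status line and no headers."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        return None, {}, raw
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def signature_line(body):
    """Return the ServerSignature <address> text, or None if it is absent."""
    m = re.search(rb"<address>(.*?)</address>", body, re.S)
    return m.group(1).decode("latin-1").strip() if m else None


def check_banner(raw):
    """Report what a response reveals: the Server header, the signature line,
    and whether either of them carries an Apache version number."""
    _, headers, body = split_response(raw)
    server = headers.get("server")
    signature = signature_line(body)
    return {
        "server_header": server,
        "signature": signature,
        "version_in_header": bool(server and VERSION_RE.search(server)),
        "version_in_body": bool(signature and VERSION_RE.search(signature)),
    }


def probe(host, port=80, timeout=5.0):
    """Live check against a real host: request a path that does not exist with
    a proper HTTP/1.0 request line, so Apache answers with both its Server
    header and its own error page (where ServerSignature would appear)."""
    request = b"GET /index.lakdsjf HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return check_banner(b"".join(chunks))


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 80))
```

Save it under any file name and run it as "python3 <file> host [port]" before and after restarting Apache; both version_in_header and version_in_body should go from True to False. Two details worth knowing when reading the result: ServerTokens applies to the whole server and cannot be set per virtual host, and from httpd 2.0.44 onwards it also governs what ServerSignature prints, so with ServerTokens Prod a signature line left On would show only "Apache" as well.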