Author: Yiming Gong
http://security.zz.ha.cn

By default Apache echoes its version number back to the client. You can test this as follows: on the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request. (A bare request line like the one below is an HTTP/0.9-style request, so Apache answers with the error body only; on a normal HTTP/1.0 or 1.1 request the same information also shows up in the Server response header.)
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>
As you can see, the Apache version number is displayed above (:) I have hidden the real version). That is not good; can it be changed?
The answer is yes!
Edit Apache's configuration file (httpd.conf), find the two directives ServerTokens and ServerSignature, and change their default values as shown below. ServerTokens controls what goes into the Server response header (and how much detail the signature carries); ServerSignature controls the footer line that Apache appends to server-generated pages such as error documents. Note that ServerTokens Prod still announces "Apache" in the Server header; it only drops the version, OS and module details.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
Restart Apache after the change and look again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
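The nc check above only shows the error body. The following script, added here as an illustration and not part of the original post, does the same probe in HTTP/1.0 form so that the Server header is returned too, and then checks both the header and the <address> footer for a version string; that is exactly the pair of places the two directives control. The two sample responses are constructed for the example (made-up version numbers, not captured from security.zz.ha.cn): the first is what a default ServerTokens Full / ServerSignature On installation returns, the second the same server after the change. The probe() helper and its host/port parameters are assumptions for use against your own server.

```python
import re
import socket

# HTTP/1.0 form of the malformed request, so Apache answers with a status
# line and headers (the bare "get index.lakdsjf" of the post is an
# HTTP/0.9-style request, which gets the error body only).
PROBE_REQUEST = b"GET /index.lakdsjf HTTP/1.0\r\nHost: %s\r\n\r\n"

# Server header (governed by ServerTokens) and footer (governed by ServerSignature).
SERVER_HEADER_RE = re.compile(rb"^Server:\s*(.+?)\r?$", re.MULTILINE | re.IGNORECASE)
SIGNATURE_RE = re.compile(rb"<address>(.*?)</address>", re.IGNORECASE | re.DOTALL)
VERSION_RE = re.compile(rb"Apache/(\d+\.\d+(?:\.\d+)?)")


def extract_disclosure(response: bytes) -> dict:
    """Pull the Server header, the ServerSignature footer and any Apache
    version string out of a raw HTTP response."""
    header = SERVER_HEADER_RE.search(response)
    signature = SIGNATURE_RE.search(response)
    version = VERSION_RE.search(response)
    return {
        "server_header": header.group(1).decode(errors="replace") if header else None,
        "signature": signature.group(1).decode(errors="replace").strip() if signature else None,
        "version": version.group(1).decode() if version else None,
        "leaks_version": version is not None,
    }


def probe(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Send the probe to a live server (the same thing as the nc session).
    Assumed helper; host and port are whatever you want to check."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(PROBE_REQUEST % host.encode())
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return extract_disclosure(b"".join(chunks))


# Constructed sample responses (made-up version numbers, not from the post's host).
LEAKY_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.57 (Unix) OpenSSL/3.0.9\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Connection: close\r\n\r\n"
    b"<html><head><title>404 Not Found</title></head><body>"
    b"<h1>Not Found</h1><p>The requested URL was not found on this server.</p>"
    b"<hr /><address>Apache/2.4.57 (Unix) OpenSSL/3.0.9 Server at www.example.com Port 80</address>"
    b"</body></html>"
)

# Same server after "ServerTokens Prod" and "ServerSignature Off": the header
# still says "Apache" (Prod does not hide the product name), the footer is gone.
HARDENED_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Connection: close\r\n\r\n"
    b"<html><head><title>404 Not Found</title></head><body>"
    b"<h1>Not Found</h1><p>The requested URL was not found on this server.</p>"
    b"</body></html>"
)

if __name__ == "__main__":
    for label, resp in (("default", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, extract_disclosure(resp))
```

Run it as-is to see the two parsed results, or call probe("your.host") against a server you are allowed to test. Remember that both directives are only useful together: ServerTokens Prod alone leaves the version in the footer of every error page, and ServerSignature Off alone leaves it in the Server header.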