Author: Yiming Gong
http://security.zz.ha.cn
By default, Apache echoes its version number back to the client. You can verify this as follows: from the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>

As you can see, the Apache version number is shown above (:) I have hidden the real version). That is not good; can it be changed?
The answer is yes!
Edit the Apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default settings as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
ServerSignature Off
After the change, restart Apache and check again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
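As an added example (not code from the original post), here is a small Python checker that performs the same test the post does by hand with nc: it sends the same malformed request, then reports whether the reply's Server header or its <address> footer carries an Apache version string, so the before/after state of ServerTokens and ServerSignature can be verified on a host you administer. The four sample replies embedded below are constructed for illustration, not captured from the post's host; the x.y.z version is the same placeholder the post uses.

```python
"""Banner-disclosure check for Apache error pages.

Added example; it is not code from the original post. It reproduces the
post's check (send a malformed HTTP/0.9-style request, read the 400 page)
and reports whether a Server header or ServerSignature footer leaks the
version. The sample replies at the bottom are constructed, not captured.
"""
import re
import socket
from dataclasses import dataclass
from typing import Optional

# "Apache/<version>" as emitted by ServerTokens Full/OS/Minimal and by the
# ServerSignature footer; ServerTokens Prod emits a bare "Apache".
_VERSION_RE = re.compile(r"Apache/([^\s<(]+)")
_ADDRESS_RE = re.compile(r"<address>(.*?)</address>", re.I | re.S)
_SERVER_HDR_RE = re.compile(r"^Server:[ \t]*(.+?)\r?$", re.I | re.M)


@dataclass
class BannerReport:
    server_header: Optional[str]  # value of the Server: header, if present
    signature: Optional[str]      # text inside <address>...</address>, if present
    version: Optional[str]        # version string found in either, if any

    @property
    def version_disclosed(self) -> bool:
        return self.version is not None

    @property
    def signature_enabled(self) -> bool:
        return self.signature is not None


def inspect_response(raw: bytes) -> BannerReport:
    """Parse a raw HTTP reply, with or without a header block."""
    text = raw.decode("latin-1")
    head, sep, body = text.partition("\r\n\r\n")
    # An HTTP/0.9 reply, like the one in the post, carries no status line
    # or headers: treat the whole payload as body.
    if not sep or not head.startswith("HTTP/"):
        head, body = "", text
    hdr = _SERVER_HDR_RE.search(head)
    server_header = hdr.group(1).strip() if hdr else None
    addr = _ADDRESS_RE.search(body)
    signature = addr.group(1).strip() if addr else None
    version = None
    for candidate in (server_header, signature):
        m = _VERSION_RE.search(candidate) if candidate else None
        if m:
            version = m.group(1)
            break
    return BannerReport(server_header, signature, version)


def probe(host: str, port: int = 80, timeout: float = 5.0) -> BannerReport:
    """Send the post's malformed request to a host you administer and inspect the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"get index.lakdsjf\r\n")
        chunks = []
        while True:
            try:
                data = sock.recv(4096)
            except socket.timeout:
                break
            if not data:
                break
            chunks.append(data)
    return inspect_response(b"".join(chunks))


# Constructed sample replies. BEFORE_09/AFTER_09 mirror the post's two nc
# sessions; FULL_11/PROD_11 show what an HTTP/1.1 client sees with the
# default and the hardened ServerTokens setting.
_BODY_HEAD = (
    b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
    b"<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n"
    b"<p>Your browser sent a request that this server could not understand.<br />\n</p>\n"
)
_SIGNATURE = b"<hr />\n<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>\n"
BEFORE_09 = _BODY_HEAD + _SIGNATURE + b"</body></html>\n"
AFTER_09 = _BODY_HEAD + b"</body></html>\n"
FULL_11 = (b"HTTP/1.1 400 Bad Request\r\nServer: Apache/x.y.z (Unix)\r\n"
           b"Connection: close\r\n\r\n" + BEFORE_09)
PROD_11 = (b"HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n"
           b"Connection: close\r\n\r\n" + AFTER_09)

if __name__ == "__main__":
    for name, sample in (("before", BEFORE_09), ("after", AFTER_09),
                         ("full/1.1", FULL_11), ("prod/1.1", PROD_11)):
        r = inspect_response(sample)
        print(f"{name:9s} header={r.server_header!r} "
              f"signature={r.signature_enabled} version={r.version!r}")
```

Running the file classifies the four constructed samples; `probe("hostname")` applies the same check to a live server you operate. Two points the output makes visible: ServerTokens Prod still identifies the software as Apache and only withholds the version and module list, and when a directive such as ServerSignature appears twice in the same scope the later occurrence takes effect, so the trailing ServerSignature Off in the configuration above is the setting that wins. Trimming the banner is hygiene rather than a substitute for patching, since the server can still be fingerprinted from its behaviour.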