Author: Yiming Gong
http://security.zz.ha.cn

By default Apache echoes its version number back to the client. You can test this as follows: from the client, use nc to connect to port 80 on the host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>
We can see that the response above reveals the Apache version number (:) I have masked the real one). That is not good; can it be changed?
The answer is yes!
Edit Apache's configuration file (httpd.conf), find the two directives ServerTokens and ServerSignature, and change their default values
as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After the change, restart Apache and look again. Two things to keep in mind: ServerTokens Prod shortens the Server header to just "Apache" rather than removing it, and hiding the banner does not fix anything the hidden version is vulnerable to, so patching still matters.
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
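The two nc transcripts above only show the HTML body, because the request line "get index.lakdsjf" carries no HTTP version: Apache treats it as an HTTP/0.9 request and answers with the body alone, so the Server header that ServerTokens controls is never seen. The script below is an added example, not code from the original post. It builds a versioned probe request you can pipe into nc, and it parses a raw HTTP response to report both leakage points (the Server header and the ServerSignature address line). The two embedded responses are constructed for the example, modelled on the transcripts above; the version "2.0.59" and the module tokens in them are hypothetical, since the post masks the real version.

```python
import re

# Version token as Apache prints it with ServerTokens Full/OS/Minor/Minimal,
# e.g. "Apache/2.0.59".  (Hypothetical version; the post masks the real one.)
VERSION_RE = re.compile(r"Apache/\d+(?:\.\d+)+")


def probe_request(host, path="/"):
    """Request to pipe into nc.  Unlike the page's 'get index.lakdsjf', it
    carries an HTTP version, so Apache answers with a status line and headers
    (a version-less request line is treated as HTTP/0.9: body only)."""
    return "GET %s HTTP/1.0\r\nHost: %s\r\n\r\n" % (path, host)


def parse_response(raw):
    """Split a raw HTTP response into (status line, header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def check_disclosure(raw):
    """Report what a response leaks: the Server header value, whether it carries
    a version, and whether a ServerSignature <address> line is present."""
    _, headers, body = parse_response(raw)
    server = headers.get("server", "")
    m = re.search(r"<address>(.*?)</address>", body, re.S)
    signature = m.group(1).strip() if m else None
    return {
        "server_header": server,
        "version_in_header": VERSION_RE.search(server) is not None,
        "signature": signature,
        "version_in_signature": signature is not None
        and VERSION_RE.search(signature) is not None,
    }


# Constructed sample: what a default ServerTokens Full / ServerSignature On
# server would return to "GET index.lakdsjf HTTP/1.0" (hypothetical tokens).
RESPONSE_DEFAULT = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.8d\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    "<html><head>\n<title>400 Bad Request</title>\n</head><body>\n"
    "<h1>Bad Request</h1>\n"
    "<p>Your browser sent a request that this server could not understand.<br />\n"
    "</p>\n<hr />\n"
    "<address>Apache/2.0.59 (Unix) Server at security.zz.ha.cn Port 80</address>\n"
    "</body></html>\n"
)

# Constructed sample: the same server after ServerTokens Prod and
# ServerSignature Off.  The header shrinks to "Apache"; the address line is gone.
RESPONSE_HARDENED = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    "<html><head>\n<title>400 Bad Request</title>\n</head><body>\n"
    "<h1>Bad Request</h1>\n"
    "<p>Your browser sent a request that this server could not understand.<br />\n"
    "</p>\n</body></html>\n"
)


if __name__ == "__main__":
    print(repr(probe_request("security.zz.ha.cn")))
    for label, raw in (("default", RESPONSE_DEFAULT), ("hardened", RESPONSE_HARDENED)):
        print(label, check_disclosure(raw))
```

To use it against a live host, pipe the probe into nc (printf 'GET / HTTP/1.0\r\nHost: security.zz.ha.cn\r\n\r\n' | nc security.zz.ha.cn 80) and feed the captured output to check_disclosure. The check deliberately treats "Server: Apache" as a pass: ServerTokens Prod cannot remove the product name, only the version and module list, so an empty server_header is not something this configuration can achieve.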