Author: Yiming Gong
http://security.zz.ha.cn
By default Apache echoes its version number back to the client. You can test this as follows: on the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>
As you can see, the response shows Apache's version number (:) I have hidden the real one). That is not ideal; can it be changed?
The answer is yes!
Edit Apache's configuration file, find the two directives ServerTokens and ServerSignature, and change their default values as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After making the change, restart Apache and look again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
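The check the post performs by hand with nc, turned into a small audit script. This is an added example, not code from the original post or from the Apache project: it reads one raw reply, maps the Server header back to the ServerTokens level that produces it (Full, OS, Minimal, Minor, Major or Prod) and reports whether the `<address>` footer that ServerSignature adds is present. The three sample replies are constructed for this example (the version 2.0.52 is made up); the `probe` helper, which sends the same bare `get index.lakdsjf` request the post uses so you can re-check a server you administer after editing the configuration, is a hypothetical helper with a name chosen here. A bare request of that form is an HTTP/0.9-style simple request, which is why the post's nc output contains no status line or headers; the script handles both that header-less shape and a normal reply with headers.

```python
import re
import socket

# Constructed sample replies (not captured from the author's host). The first two
# mimic an Apache that answers with full headers; the third mimics the header-less
# reply shown in the post, which a bare "get ..." simple request gets from older builds.
REPLY_BEFORE = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache/2.0.52 (Unix)\r\n"            # constructed version; ServerTokens OS
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "Connection: close\r\n\r\n"
    "<html><head><title>400 Bad Request</title></head><body>\n"
    "<h1>Bad Request</h1>\n<hr />\n"
    "<address>Apache/2.0.52 Server at security.zz.ha.cn Port 80</address>\n"
    "</body></html>\n"
)
REPLY_AFTER = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache\r\n"                          # ServerTokens Prod
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "Connection: close\r\n\r\n"
    "<html><head><title>400 Bad Request</title></head><body>\n"
    "<h1>Bad Request</h1>\n</body></html>\n"     # no <address>: ServerSignature Off
)
REPLY_HTTP09 = (
    "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n"
    "<html><head><title>400 Bad Request</title></head><body>\n"
    "<h1>Bad Request</h1>\n<hr />\n"
    "<address>Apache/2.0.52 Server at security.zz.ha.cn Port 80</address>\n"
    "</body></html>\n"
)

SERVER_RE = re.compile(
    r"^Apache(?:/([^\s.]+)(?:\.([^\s.]+))?(?:\.(\S+))?)?"   # major . minor . patch
    r"(?:\s+\(([^)]*)\))?"                                  # (OS-Type)
    r"(.*)$"                                                # anything left = module list
)


def classify_server_header(value):
    """Map a Server header value back to the ServerTokens level that produces it."""
    m = SERVER_RE.match(value.strip())
    if not m:
        return "not Apache"
    major, minor, patch, os_type, rest = m.groups()
    if rest.strip():
        return "Full"        # version + OS + compiled-in modules
    if os_type is not None:
        return "OS"          # version + OS-Type
    if patch is not None:
        return "Minimal"     # full version number only
    if minor is not None:
        return "Minor"
    if major is not None:
        return "Major"
    return "Prod"            # bare product name


def audit_response(raw):
    """Report the two leaks the post discusses: the Server header (ServerTokens)
    and the <address> footer on server-generated pages (ServerSignature)."""
    server = None
    if raw.startswith("HTTP/"):
        head, _, body = raw.partition("\r\n\r\n")
        for line in head.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "server":
                server = value.strip()
    else:
        body = raw           # HTTP/0.9-style reply: no status line, no headers at all
    sig = re.search(r"<address>(.*?)</address>", body, re.S)
    if sig is None:
        signature = "Off"
    elif "mailto:" in sig.group(1):
        signature = "EMail"
    else:
        signature = "On"
    return {
        "server_header": server,
        "tokens_level": classify_server_header(server) if server else None,
        "signature": signature,
        "signature_text": sig.group(1).strip() if sig else None,
    }


def probe(host, port=80, timeout=5.0):
    """Hypothetical helper: repeat the post's nc test against a host you administer,
    sending the same malformed simple request and auditing whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"get index.lakdsjf\r\n\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return audit_response(b"".join(chunks).decode("latin-1"))


if __name__ == "__main__":
    for label, reply in (("before", REPLY_BEFORE), ("after", REPLY_AFTER), ("http/0.9", REPLY_HTTP09)):
        print(label, audit_response(reply))
```

Run it as-is to see the three constructed replies classified; `probe("your.host")` runs the live version of the same check. Note that after `ServerTokens Prod` the Server header is still sent (as the bare word `Apache`); the directive trims what the header says, it does not remove it, and the `<address>` line only disappears once `ServerSignature Off` is in place and the server has been restarted.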