Author: Yiming Gong
http://security.zz.ha.cn

By default, apache echoes its version number back to the client. You can test this as follows: on the client, use nc to connect to port 80 of the host running apache and send a malformed GET request.
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>

We can see that the apache version number is displayed above (I have hidden the real one :)). That is not good; can we change it?
The answer is yes!
Edit the apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default settings as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After making the change, restart apache and check again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>

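To make the before/after check above repeatable (for example after every apache upgrade or config change), here is an added Python script that is not part of the original post. It does the same thing as the nc session, sending the malformed request and reading the raw reply, and then inspects both places where apache can disclose its version: the Server response header (governed by ServerTokens) and the <address> footer of generated error pages (governed by ServerSignature). The nc sessions in the post show only the HTML body, so the two sample responses embedded below are constructed, with a made-up version number, so that the check can be run offline against a "default" and a "hardened" reply; the host and port passed to fetch_raw are the operator's own server.

```python
"""Audit an apache error response for version disclosure.

Added example, not from the original post. Re-implements the nc check
from the post and then parses the reply. Sample responses and the
version number in them are constructed for demonstration.
"""
import re
import socket
import sys

# Same malformed request line the post sends through nc; apache answers 400.
BAD_REQUEST = b"get index.lakdsjf\r\n\r\n"

# Matches a version string such as "Apache/2.0.0" (digits after the slash).
VERSION_RE = re.compile(r"Apache/\d[\w.]*")


def fetch_raw(host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send the malformed request to our own server and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(BAD_REQUEST)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def audit_response(raw: bytes) -> dict:
    """Report what a raw HTTP reply discloses about the server.

    Handles both a full reply (status line + headers + body) and a body-only
    reply like the one nc shows in the post. Returns the Server header value,
    the <address> footer text, and a leak flag for each channel.
    """
    text = raw.decode("latin-1", errors="replace")
    if text.startswith("HTTP/"):
        head, _, body = text.partition("\r\n\r\n")
        header_lines = head.split("\r\n")[1:]  # skip the status line
    else:
        header_lines, body = [], text

    server = None
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            server = value.strip()
            break

    m = re.search(r"<address>(.*?)</address>", body, re.S | re.I)
    address = m.group(1).strip() if m else None

    return {
        "server_header": server,
        "address_footer": address,
        "header_leaks_version": bool(server and VERSION_RE.search(server)),
        "footer_leaks_version": bool(address and VERSION_RE.search(address)),
    }


# Constructed sample replies (version number is made up), modelled on the
# two nc sessions in the post: defaults (ServerTokens Full, ServerSignature On)
# versus the hardened settings (ServerTokens Prod, ServerSignature Off).
SAMPLE_DEFAULT = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache/2.0.0 (Unix)\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><body><h1>Bad Request</h1><hr />"
    b"<address>Apache/2.0.0 Server at security.zz.ha.cn Port 80</address>"
    b"</body></html>"
)
SAMPLE_HARDENED = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><body><h1>Bad Request</h1></body></html>"
)


if __name__ == "__main__":
    # Usage: python audit.py [host [port]]  (no host: audit the samples)
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        print(audit_response(fetch_raw(sys.argv[1], port)))
    else:
        for label, sample in (("default", SAMPLE_DEFAULT),
                              ("hardened", SAMPLE_HARDENED)):
            print(label, audit_response(sample))
```

Run it without arguments to see the two constructed cases; run it with your own host name to audit a live server after restarting apache. Either leak flag being true means the corresponding directive is still at its default.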