Author: Yiming Gong
http://security.zz.ha.cn

By default Apache echoes its version number back to the client. You can verify this as follows: from the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>
As you can see, the Apache version number is displayed above (:) I've hidden the real version). That is not good; can it be changed?
The answer is yes!
Edit the Apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default values as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
ServerSignature Off
After the change, restart Apache and check again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
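As an added example (not part of the original post, and not Apache's own tooling), the Python script below performs the two checks described above offline: it audits a configuration fragment for the active ServerTokens and ServerSignature values, and it inspects a captured reply for a version in the Server header or in the <address> footer of an error page. The configuration fragments and replies are constructed samples; the x.y.z version placeholder follows the post. It also handles the header-less reply that the bare "get index.lakdsjf" request produces, which the post's nc sessions show.

```python
"""Check an Apache setup for version disclosure.

Added example, not the post's own code. Two checks run offline:
  1. audit_config(): which ServerTokens / ServerSignature values are active
     in a configuration fragment (for a repeated directive, Apache uses the
     last occurrence in scope);
  2. inspect_response(): whether a captured reply still carries a version,
     in the Server header or in the <address> footer of an error page.
All configuration text and replies below are constructed samples.
"""
import re

DIRECTIVE_RE = re.compile(r"^(ServerTokens|ServerSignature)\s+(\S+)", re.I)


def active_directives(conf):
    """Return {directive_lowercase: value} for the active (uncommented)
    ServerTokens/ServerSignature lines; a later line overrides an earlier one."""
    settings = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out, e.g. "#ServerTokens Full"
        m = DIRECTIVE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_config(conf):
    """Return a list of findings; an empty list means the fragment is hardened."""
    settings = active_directives(conf)
    findings = []
    # Apache's built-in default for ServerTokens is Full.
    tokens = settings.get("servertokens", "Full")
    if tokens.lower() != "prod":
        findings.append(f"ServerTokens {tokens}: Server header carries version details; use Prod")
    # Apache's built-in default for ServerSignature is Off, but stock
    # httpd.conf files (like the one in the post) often set it On.
    signature = settings.get("serversignature", "Off")
    if signature.lower() != "off":
        findings.append(f"ServerSignature {signature}: error pages carry a version footer; use Off")
    return findings


def inspect_response(raw):
    """Return findings for version details in a captured HTTP reply.

    A bare 'get index.lakdsjf' as typed in the post is an HTTP/0.9-style
    request, so Apache answers with the body only and no header block;
    both that shape and a normal HTTP/1.x reply are handled."""
    findings = []
    if raw.startswith("HTTP/"):
        head, _, body = raw.partition("\r\n\r\n")
        header_lines = head.split("\r\n")[1:]  # skip the status line
    else:
        header_lines, body = [], raw
    for line in header_lines:
        name, _, value = line.partition(":")
        # "Server: Apache" is fine; "Server: Apache/x.y.z (Unix)" is not.
        if name.strip().lower() == "server" and re.search(r"/\S+", value):
            findings.append(f"Server header discloses version: {value.strip()}")
    m = re.search(r"<address>(.*?)</address>", body, re.I | re.S)
    if m:
        findings.append(f"signature footer on error page: {m.group(1).strip()}")
    return findings


# Constructed config fragments: the stock defaults, and the post's change.
WEAK_CONF = """\
# ServerTokens
ServerTokens Full
ServerSignature On
"""
HARDENED_CONF = """\
#ServerTokens Full
ServerTokens Prod
ServerSignature On
ServerSignature Off
"""

# Constructed replies. The first mirrors the post's first nc session (body
# only, version hidden as x.y.z); the second is a hardened HTTP/1.1 reply
# whose Server header is just "Apache" and whose body has no footer.
LEAKY_REPLY = (
    "<html><head><title>400 Bad Request</title></head><body>\n"
    "<h1>Bad Request</h1>\n"
    "<p>Your browser sent a request that this server could not understand.</p>\n"
    "<hr />\n"
    "<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>\n"
    "</body></html>\n"
)
HARDENED_REPLY = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<html><head><title>400 Bad Request</title></head><body>\n"
    "<h1>Bad Request</h1>\n"
    "</body></html>\n"
)

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"config ({label}):", audit_config(conf) or ["ok"])
    for label, reply in (("leaky", LEAKY_REPLY), ("hardened", HARDENED_REPLY)):
        print(f"reply ({label}):", inspect_response(reply) or ["ok"])
```

The config audit deliberately treats a missing ServerTokens as Full, since that is Apache's built-in default; a fragment that never mentions the directive is therefore reported, which is the case a quick grep would miss.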