Author: Yiming Gong
http://security.zz.ha.cn
By default Apache echoes its version number to the client. You can check this yourself: from the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>

The Apache version number shows up in the output (:) I have hidden the real version). That is not so good; can it be changed?
The answer is yes!
Edit the Apache configuration file (httpd.conf), find the two directives ServerTokens and ServerSignature, and change their default settings as shown below. ServerSignature controls the footer line on server-generated pages such as this error document; ServerTokens controls the Server HTTP response header, which the request above never shows, because a request line with no HTTP version gets an HTTP/0.9-style reply that carries a body and no headers. Note that even with ServerTokens Prod the Server: header is still sent, reduced to just "Apache". This hides the version from casual fingerprinting only; it does not fix anything the version would have revealed, so keep patching as well.
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After making the change, restart Apache and look again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
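As an added example (shell script, not part of the original post), here are the two checks this procedure relies on, written so they run offline against constructed data: classify what a Server: header value reveals, i.e. which ServerTokens level produced it (the script covers all six levels, not only the Full and Prod shown above), and read which ServerTokens/ServerSignature values an httpd.conf fragment actually applies, since Apache takes the last uncommented directive. The HTTP responses, the config fragments and the x.y.z version placeholders are constructed sample data; probe_server_header at the end is the only part that touches a network and assumes a netcat that accepts -w.

```shell
#!/bin/sh
# Added example (not from the original post): classify what an Apache
# "Server:" header reveals, and check which ServerTokens/ServerSignature
# values an httpd.conf fragment actually applies (last uncommented line wins).
# All responses and config text below are constructed sample data.

# Constructed response from an Apache with the shipped default ServerTokens Full.
# Versions are left as x.y.z placeholders, as in the post.
RESP_FULL='HTTP/1.1 400 Bad Request
Date: Thu, 01 Jan 2004 00:00:00 GMT
Server: Apache/x.y.z (Unix) mod_ssl/x.y.z OpenSSL/x.y.z
Connection: close
Content-Type: text/html; charset=iso-8859-1

<html><body><h1>Bad Request</h1></body></html>'

# Constructed response after "ServerTokens Prod": the header is still sent,
# but carries only the product name.
RESP_PROD='HTTP/1.1 400 Bad Request
Server: Apache
Connection: close

<html><body><h1>Bad Request</h1></body></html>'

# Constructed httpd.conf fragments: the shipped defaults, and the post's edit
# with the old "ServerSignature On" left uncommented (the later Off still wins).
CONF_BEFORE='ServerTokens Full
ServerSignature On'
CONF_AFTER='#ServerTokens Full
ServerTokens Prod
ServerSignature On
ServerSignature Off'

# Print the value of the Server: header (header block only, CR stripped).
server_header() {
  printf '%s\n' "$1" | awk '
    /^\r?$/ { exit }
    tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); sub(/\r$/, ""); print; exit }'
}

# Map a Server: header value back to the ServerTokens level that produced it:
#   Apache            -> Prod
#   Apache/2          -> Major   (dots in the version decide Major/Minor/Minimal)
#   Apache/2.0        -> Minor
#   Apache/2.0.x      -> Minimal
#   Apache/2.0.x (OS) -> OS
#   anything more     -> Full
server_tokens_level() {
  hdr=$1
  [ -z "$hdr" ] && { echo none; return; }
  product=${hdr%% *}          # first token: Apache or Apache/version
  rest=${hdr#"$product"}
  rest=${rest# }              # everything after the product token
  case $product in
    Apache)   echo Prod; return ;;
    Apache/*) ;;
    *)        echo unknown; return ;;
  esac
  if [ -z "$rest" ]; then
    dots=$(( $(printf '%s' "${product#Apache/}" | tr -cd . | wc -c) ))
    case $dots in 0) echo Major ;; 1) echo Minor ;; *) echo Minimal ;; esac
    return
  fi
  case $rest in
    \(*) after=${rest#*')'}; [ -z "$after" ] && { echo OS; return; } ;;
  esac
  echo Full
}

# Effective value of a directive in a config fragment: comments are skipped,
# names compare case-insensitively, and a later line overrides an earlier one.
effective_directive() {
  printf '%s\n' "$1" | awk -v name="$2" '
    $1 ~ /^#/ { next }
    tolower($1) == tolower(name) { val = $2 }
    END { print val }'
}

# Return 0 when the fragment matches the post's hardened settings. A missing
# ServerTokens means the compiled-in default Full, i.e. still leaking;
# a missing ServerSignature means the compiled-in default Off.
conf_is_hardened() {
  tokens=$(effective_directive "$1" ServerTokens)
  sig=$(effective_directive "$1" ServerSignature)
  case $(printf '%s' "$tokens" | tr A-Z a-z) in prod) ;; *) return 1 ;; esac
  case $(printf '%s' "$sig" | tr A-Z a-z) in off|'') return 0 ;; *) return 1 ;; esac
}

# Live check against a real host (not run here). The lowercase request in the
# post is HTTP/0.9-style, so Apache answers with a body and no headers at all;
# a HEAD request with a protocol version makes it send the Server: header.
probe_server_header() {
  server_header "$(printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$1" | nc -w 3 "$1" "${2:-80}")"
}
```

Against a real server, `probe_server_header security.zz.ha.cn` should print the full version string before the change and just `Apache` afterwards; feeding that string to `server_tokens_level` tells you which level is in effect, which is a quicker check than reading the error page.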