Author: Yiming Gong
http://security.zz.ha.cn
By default Apache reports its version number to the client. You can test this as follows: on the client, use nc to connect to port 80 of the host running Apache and send a malformed get request:

yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>
As shown above, the Apache version number is displayed (:) I have hidden the real version). That is not ideal. Can it be changed?
The answer is yes!
Edit Apache's configuration file, find the two directives ServerTokens and ServerSignature, and change their default values as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After making the changes, restart Apache and check again:

yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
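As an added example (not code from the original post), the following Python script audits raw HTTP responses, such as the ones captured with nc above, for the two disclosure points the post covers: the Server header that ServerTokens controls and the <address> footer that ServerSignature controls. It classifies the Server header into the ServerTokens level that would produce it and reports whether any version string is still exposed. The sample responses, the version numbers in them and the host name www.example.com are constructed for this example; the post's own host and real version are not used. Note that a malformed request like "get index.lakdsjf" is treated as HTTP/0.9, so Apache sends the body without any headers, which is why the nc sessions above show no Server header; the script handles that case as well.

```python
"""Audit raw HTTP responses for Apache version disclosure.

Checks the two places the post discusses: the Server response header
(controlled by ServerTokens) and the <address> footer on server-generated
pages (controlled by ServerSignature). All sample responses below are
constructed for this example, not captured from a real host.
"""
import re

# Matches the forms ServerTokens produces, from "Apache" (Prod) up to
# "Apache/2.0.55 (Unix) PHP/5.1.2" (Full).
_SERVER_RE = re.compile(
    r"^Apache"
    r"(?:/(?P<major>\d+)(?:\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?)?)?"
    r"(?P<os>\s+\([^)]*\))?"
    r"(?P<modules>\s+\S.*)?$"
)
_ADDRESS_RE = re.compile(r"<address>(.*?)</address>", re.IGNORECASE | re.DOTALL)


def classify_server_tokens(server_value):
    """Return the ServerTokens level that would produce this Server header."""
    m = _SERVER_RE.match(server_value.strip())
    if not m:
        return "unknown"  # not an Apache-style product token
    if m.group("modules"):
        return "Full"
    if m.group("os"):
        return "OS"
    if m.group("patch") is not None:
        return "Minimal"
    if m.group("minor") is not None:
        return "Minor"
    if m.group("major") is not None:
        return "Major"
    return "Prod"


def split_response(raw):
    """Split a raw response into (headers dict, body).

    A malformed request such as "get index.lakdsjf" is handled as HTTP/0.9,
    so Apache sends only the body with no status line or headers; that case
    yields an empty header dict.
    """
    if not raw.startswith("HTTP/"):
        return {}, raw
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def audit_response(raw):
    """Report what a response discloses about the Apache version."""
    headers, body = split_response(raw)
    server = headers.get("server")
    level = classify_server_tokens(server) if server is not None else None
    m = _ADDRESS_RE.search(body)
    signature = m.group(1).strip() if m else None
    header_leak = level not in (None, "Prod", "unknown")
    footer_leak = signature is not None and re.search(r"Apache/\d", signature) is not None
    return {
        "server_tokens_level": level,
        "server_signature": signature,
        "discloses_version": header_leak or footer_leak,
    }


# Constructed samples: a 400 page before and after the configuration change,
# plus the header-less form that nc shows for a malformed request.
_ERROR_HEAD = (
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
    "<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n"
    "<p>Your browser sent a request that this server could not understand.<br />\n</p>\n"
)
_SIGNATURE = "<hr />\n<address>Apache/2.0.55 (Unix) PHP/5.1.2 Server at www.example.com Port 80</address>\n"
RESPONSE_BEFORE = (
    "HTTP/1.1 400 Bad Request\r\nServer: Apache/2.0.55 (Unix) PHP/5.1.2\r\n"
    "Content-Type: text/html\r\n\r\n" + _ERROR_HEAD + _SIGNATURE + "</body></html>\n"
)
RESPONSE_AFTER = (
    "HTTP/1.1 400 Bad Request\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
    + _ERROR_HEAD + "</body></html>\n"
)
RESPONSE_HTTP09 = _ERROR_HEAD + _SIGNATURE + "</body></html>\n"

if __name__ == "__main__":
    for name, raw in (("before", RESPONSE_BEFORE), ("after", RESPONSE_AFTER),
                      ("http/0.9", RESPONSE_HTTP09)):
        print(name, audit_response(raw))
```

ServerTokens Prod still identifies the server as Apache and ServerSignature Off only removes the footer, so this change hides the version string rather than fixing anything in the version being run; the audit above is meant to confirm the directives took effect after the restart, not to replace patching.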