Author: Yiming Gong
http://security.zz.ha.cn
By default, Apache echoes its version number back to the client. You can test this as follows: on the client, use nc to connect to port 80 of the host running Apache and send a malformed GET request:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>

As you can see, the Apache version number is displayed above (:) I have hidden the real version). That is not ideal; can it be changed?
The answer is yes!
Edit the Apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default settings as follows:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
After making the change, restart Apache and check again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
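To make this check repeatable after every configuration change, here is an added example (not part of the original post) that parses a raw HTTP error response and reports both places a version string can leak: the Server response header, which ServerTokens controls, and the <address> footer of the error page, which ServerSignature controls. The nc transcript above sends a bare request line, so Apache answers without any headers; the probe function below sends an HTTP/1.0 request so the Server header is returned too. The sample responses, host name and version number are constructed for the example.

```python
import re
import socket

# Constructed sample responses modelled on the two transcripts above (not real captures).
# BEFORE: default ServerTokens Full / ServerSignature On; AFTER: Prod / Off.
BEFORE = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache/2.2.3 (Unix)\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<h1>Bad Request</h1>\n"
    "<address>Apache/2.2.3 (Unix) Server at www.example.com Port 80</address>\n"
)
AFTER = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<h1>Bad Request</h1>\n"
)

# A version leak is "Apache/" followed by a dotted number, e.g. Apache/2.2.3.
VERSION_RE = re.compile(r"Apache/\d+(\.\d+)*")


def inspect_response(raw):
    """Return (server_header, signature_footer, leaks_version) for a raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    server = None
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            server = value.strip()
    match = re.search(r"<address>(.*?)</address>", body, re.S)
    footer = match.group(1).strip() if match else None
    leaks = any(VERSION_RE.search(text) for text in (server or "", footer or ""))
    return server, footer, leaks


def probe(host, port=80, timeout=5):
    """Send the same malformed request to a server you administer and inspect its 400 page."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"GET index.lakdsjf HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return inspect_response(b"".join(chunks).decode("latin-1"))
```

Run probe("your.host") before and after restarting Apache: the third value should flip from True to False once both directives are changed.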