|

Hiding and modifying Apache server information [extend]

Linux, Serveriai
0 Comments

Fortunately, such data can easily hide and modify by changing the ServerSignature and ServerTokens directives.

ServerSignature

ServerSignature configures the footer on server-generated documents. Just like example 404 error page. Normal use it’s better hide whole signature and add or modify httpd.conf file or apache.conf file following row:

ServerSignature Off

If you some reason want show ServerSignature then use:

ServerSignature On

Or if you want show mailto link (example admin mail) then use:

ServerSignature Email

ServerTokens

Configures the Server HTTP response header. Different ServerTokens directive options are following (add or modify httpd.conf file orapache.conf):

Prod or ProductOnly – Server sends (e.g.): Server: Apache

ServerTokens Prod

Major – Server sends (e.g.): Server: Apache/2

ServerTokens Major

Minor – Server sends (e.g.): Server: Apache/2.2

ServerTokens Minor

Min or Minimal – Server sends (e.g.): Server: Server: Apache/2.2.4

ServerTokens Min

OS – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu)

ServerTokens OS

Full or not specified – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4

ServerTokens Full

ServerTokens setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.

Hide PHP version (X-Powered-By)

Hiding PHP version (X-Powered-By) is easy. Add or modify following php.ini file row like following:

expose_php = Off

Summary

Safest basic setup is following:
httpd.conf or apache.conf rows:

ServerSignature Off
ServerTokens Prod

php.ini row:

expose_php = Off

After all changes remember reload server and check results. The results should look like this:

Before:

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2009 12:20:30 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
X-Powered-By: PHP/5.2.3-1ubuntu6.4
Connection: close
Content-Type: text/html; charset=UTF-8

After:

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2009 13:06:21 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Kviečiu įvertinti įrašą!
[Viso: 0 Vidurkis: 0]

Tikėtina Jus sudomins šie įrašai:

  1. LAMP Server Installation Guide on Debian 6 (Squeeze) (en)
  2. Kaip įjungti mod_rewrite ir curl linux serveryje (debian/ubuntu)
  3. Diegiame web serverį į CentOS 6.4
  4. Kaip Apache ir PHP išjungti versijų ir parašų rodymą

Similar Posts

|

Monitor Network Traffic and Bandwidth Usage In Real Time

If you want to monitor network throughput on the command line interface, use nload application. It is a console application which monitors network traffic and bandwidth usage in real time. It visualizes the in and outgoing traffic using two graphs and provides additional info like total amount of transferred data and min/max network usage. Kviečiu…

| |

Kas instaliuota sistemoje

Neretai užduodame sau klausimą, o kaip peržiūrėti kas instaliuota mūsų sistemoje? dpkg -l | more Kviečiu įvertinti įrašą![Viso: 0 Vidurkis: 0] Tikėtina Jus sudomins šie įrašai: Kaip įjungti mod_rewrite ir curl linux serveryje (debian/ubuntu) Jei sena Ubuntu versija neranda diegimo šaltinio Diegiame webalizer į Ubuntu/Debian serverį Zip, unzip naudojimas

Parašykite komentarą

El. pašto adresas nebus skelbiamas.

+ 53 = 63