[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Apache Header



Hi!

Ulrich Klenk schrieb:

Hi!

Stefan.Junge@xxxxxxxxxxxxxxx schrieb:

Hi,

Is it possible to modify the apache header without recompiling the whole
package ?
I have installed a standard apache (RPM) shipped with SuSE.
When I´m scanning the box you will see e.g
Server:Apache/1.3.x(Linux/Suse)...

Yes, its possible.

Apache Documentation "ServerTokens":

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not used!)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

Don't forget ServerSignature if you use server signed pages!

Uli

Ok, one thing is missing. Sorry! Use this configuration in your httpd.conf

Uli



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here