[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Apache Header


Ulrich Klenk schrieb:


Stefan.Junge@xxxxxxxxxxxxxxx schrieb:


Is it possible to modify the apache header without recompiling the whole
package ?
I have installed a standard apache (RPM) shipped with SuSE.
When I´m scanning the box you will see e.g

Yes, its possible.

Apache Documentation "ServerTokens":

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not used!)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

Don't forget ServerSignature if you use server signed pages!


Ok, one thing is missing. Sorry! Use this configuration in your httpd.conf


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here