|
Security Incidents
mailing list archives
Re: HTTP attack looking for /sumthin ?
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Sat, 19 Oct 2002 01:06:56 +0200 (CEST)
On Fri, 18 Oct 2002, Patrick Oonk wrote:
Add the lines
ServerTokens prod
ServerSignature no
to your Apache config (httpd.conf) to prevent the server from disclosing
this information.
ServerTokens ProductOnly
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
ServerSignature Off
According to the build in instructions, online manual and FAQ.
http://httpd.apache.org/docs/misc/FAQ-E.html#serverheader
http://httpd.apache.org/docs/mod/core.html
But do not expect to gain much security.
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Re: HTTP attack looking for /sumthin ?, (continued)
|
Intro
