By default, many Apache installations tell the world what version of Apache you're running, what operating system and version you're running, and even which Apache modules are installed on the server. Attackers can use this information to their advantage when performing an attack. It also sends the message that you have left most defaults alone.
The ServerSignature appears at the bottom of pages generated by Apache, such as 404 pages, directory listings, etc.
The ServerTokens directive determines what Apache puts in the Server HTTP response header. Setting it to Prod makes the HTTP response header read as follows:
Server: Apache
ServerSignature Off
ServerTokens Prod
If you don't find it, just scroll to the end of the file and add these two lines.
Then, we need to reload the Apache configuration to put this change into effect:
sudo /etc/init.d/apache2 reload
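To confirm the change after the reload, the following added example (not part of the original post) checks both the configuration file and the response headers. The function names effective_directive and header_leaks are hypothetical, the sample config and headers are constructed, and the config check reads a single file without following Include directives.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the last uncommented value of directive $1 in config file $2.
# Directive names are case-insensitive. Simplification: one file only,
# Include directives and per-VirtualHost scoping are not followed.
effective_directive() {
    awk -v d="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(d) { val = $2 }
        END { if (val != "") print val; else print "UNSET" }
    ' "$2"
}

# Read raw response headers on stdin; return 0 if the Server header
# carries anything beyond the bare "Apache" that ServerTokens Prod sends.
header_leaks() {
    value=$(tr -d '\r' | awk 'tolower($1) == "server:" {
        $1 = ""; sub(/^ /, ""); print; exit }')
    case "$value" in
        ""|Apache) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample: the Prod setting wins, but the commented-out
# "ServerSignature Off" has no effect, so the signature is still On.
conf=$(mktemp)
cat > "$conf" <<'EOF'
ServerTokens Full
ServerSignature On
  servertokens Prod
#ServerSignature Off
EOF
echo "ServerTokens:    $(effective_directive ServerTokens "$conf")"
echo "ServerSignature: $(effective_directive ServerSignature "$conf")"
rm -f "$conf"

# Constructed response headers; against your own server you would pipe
# in the output of: curl -sI http://localhost/
if printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n' | header_leaks
then echo "Server header still exposes version details"
fi
```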