Apache response to "OPTIONS * HTTP/1.0"
Hello, I have read my Apache log and I found some requests "OPTIONS * HTTP/1.0". I tested with telnet, sending the same request, and my Apache responds:
Server: Apache/2.2.9 (FreeBSD) PHP/5.2.6 with Suhosin-Patch
I don't like that; hackers can know my version of Apache and PHP. How do I change that? Because I have run some tests on other servers and I receive just:
Server: Apache
Last edited by samile; 1st August 2008 at 09:17 PM. Reason: I have the latest PcBSD. Look at my other post for the complete version
|
|||
I think that the modification you want to make is really just an act of sleight of hand - anyone that really wants to know can very easily determine your versions of Apache, PHP and OpenSSL. Additionally, there are a number of fingerprinting applications that can provide them with your OS and OS version, too.
That said, here is a tutorial that may help you accomplish this. Really, though, active protection like mod_security and phpIDS might do more to protect you than simply not displaying those version numbers.
|
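Added example (not part of any post in this thread): a Python check that repeats the "OPTIONS * HTTP/1.0" request from the first post against your own server and reports how much the Server header discloses, mapped to the Apache `ServerTokens` level (Prod, Major, Minor, Min, OS, Full) that produces such a banner. The directive is not named in the thread, the function names are chosen for this example, and the two sample banners are the ones quoted in the first post.

```python
import re
import socket

# Sample banners taken from the thread: the full one the poster saw first,
# and the reduced one received from the other servers.
SAMPLE_FULL = "Apache/2.2.9 (FreeBSD) PHP/5.2.6 with Suhosin-Patch"
SAMPLE_PROD = "Apache"

BANNER_RE = re.compile(
    r"^Apache(?:/(\d+(?:\.\d+)*))?(?=\s|$)(?:\s+\(([^)]*)\))?\s*(.*)$")

def fetch_server_header(host, port=80, timeout=5.0):
    """Send the request from the thread; return the Server header value or None."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"OPTIONS * HTTP/1.0\r\n\r\n")
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:          # server closed before the headers ended
                break
            data += chunk
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None

def classify_banner(banner):
    """Map a Server header value to the ServerTokens level that emits it."""
    m = BANNER_RE.match(banner.strip())
    if not m:                                # not an Apache httpd banner
        return {"level": "unknown", "version": None, "os": None, "modules": []}
    version, os_name, rest = m.groups()
    modules = re.findall(r"[A-Za-z][\w.-]*/[\w.-]+", rest)   # e.g. PHP/5.2.6
    if rest:
        level = "Full"
    elif os_name:
        level = "OS"
    elif version:
        level = {1: "Major", 2: "Minor"}.get(version.count(".") + 1, "Min")
    else:
        level = "Prod"
    return {"level": level, "version": version, "os": os_name, "modules": modules}

if __name__ == "__main__":
    for banner in (SAMPLE_FULL, SAMPLE_PROD):
        print(banner, "->", classify_banner(banner))
```

A result other than "Prod" means the banner still carries version, OS or module detail; `classify_banner(fetch_server_header("127.0.0.1"))` runs the same check against a local server.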
|||
I'm happy my Apache responds "Apache" now.
Thx very much. I host just my personal website. I don't need very much security. For the scripting. Thx thx thx.
Last edited by samile; 1st August 2008 at 09:50 PM. Reason: And sorry for my English ;-)
|
|||
Security through obscurity == Bad idea.
There was a discussion on the OpenBSD mailing list; someone asked how to hide the OpenSSH version identification. Theo struck them down. Anyway, the point is, instead of hiding the version... keep on it, look out for vulnerabilities and maintain the machine "you" put on the Internet. If that's too hard for you, look up the <Limit> directive.
|
|||
I'm medium at administration, but I'm a developer, and I protect my script. I read my log. But keeping the machine up to date is another problem (I'm very busy)...
I have kicked the brute force on SSH with PF, and I have only ssh/apache/php/mysql running. I have put ClamAV just to "reassure" me, and I try to read my log and my system mail every weekend (I have only 1 user, me (and root), and 1 website of 5 pages).
Last edited by samile; 1st August 2008 at 10:03 PM. Reason: Hiding version + up to date = more secure