Server signature
Paul Querna
chip at force-elite.com
Mon Jul 25 17:26:35 GMT 2005
Uzi Klein wrote:
> Hi folks
>
> I know it's off topic but I'm trying to hide apache signature (for
> security reasons) and got a problem
>
> thew patch below does change the server name, but the signature still
> displays
>
> "My Server/1.0.0 (Unix) mod_perl/1.29 mod_ssl/2.8.22 OpenSSL/0.9.7e"
>
> Any clue where do i disable the modules list and the (Unix) part?
>
This is the wrong way to change it.
This will cause many scripts to mis-detect the version number.
ServerTokens is the correct directive to eliminate the list of modules.
If you want to change the name, you are better off doing it in other places.
-Paul
>
> Thanks, Uzi
>
>
> --- src/include/httpd.h.orig Mon Jul 25 10:18:14 2005
> +++ src/include/httpd.h Mon Jul 25 10:46:54 2005
> @@ -387,8 +387,8 @@
> */
>
> #define SERVER_BASEVENDOR "Apache Group"
> -#define SERVER_BASEPRODUCT "Apache"
> -#define SERVER_BASEREVISION "1.3.33"
> +#define SERVER_BASEPRODUCT "My Server"
> +#define SERVER_BASEREVISION "1.0.0"
> #define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
>
> #define SERVER_PRODUCT SERVER_BASEPRODUCT
>
>
More information about the freebsd-apache
mailing list