Changing the Server: Header


Changing the Server: Header

ServerTokens Prod


Apache returns a Server: header with every request. By default, this header includes information about the server name, version, and platform. Other modules present in the server, such as SSL, PHP, or mod_perl, may add additional entries to the server string containing the module name and version. You can change or restrict the server header information using the ServerTokens directive. While it is always good to minimize the amount of information about the server configuration that is leaked to the external world, changing the server string will not bring much additional security: Most automated scan and attack tools will ignore this information and just probe for vulnerable scripts and modules one after another, regardless of the version and modules reported.




Apache(c) Phrase Book(c) Essential Code and Commands
Apache Phrasebook
ISBN: 0672328364
EAN: 2147483647
Year: 2006
Pages: 254

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net