At 11:09 AM 2/17/2003 +0000, Menno M Jansz wrote: >Add the following to your httpd.conf: > >ServerTokens ProductOnly
Good idea! According to the Apache doc, this should prevent the server from identifying the OS and the Apache version. Withholding information from potential hackers seems like a good idea. Alas, it doesn't appear to work... I run a RaQ2 and have religiously applied all the updates. Here's what I did: 1. added the above directive to /etc/httpd/conf/httpd.conf 2. restarted Apache 3. telnetted to Apache and made this request: get / http/1.0 <cr> <cr> The header that came back included the following: Server: Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux) What I had expected was: Server: Apache What am I doing wrong? Many thanks for any light you can shed! Dan Keller _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
