Got tired of answering this one on IRC. Feedback requested.
How can I change the information that Apache returns about itself in the headers? When a client connects to Apache, part of the information returned in the headers is the name "Apache" Additional information that can be sent is the version number, such as "1.3.26", the operating system, and a list of non-standard modules you have installed. Frequently, people want to remove this information, under the mistaken understanding that this will make the system more secure. This is probably not the case, as the same exploits will likely be attempted regardless of the header information you provide. There are, however, two answers to this question: the correct answer, and the answer that you are probably looking for. The correct answer to this question is that you should use the ServerTokens directive to alter the quantity of information which is passed in the headers. Setting this directive to "Prod" will pass the lease possible amount of information: Server: Apache The answer you are probably looking for is how to make Apache lie about what what it is, ie send something like: Server: Bob's Happy HTTPd Server In order to do this, you will need to modify the Apache source code and rebuilt Apache. This is not advised, as it is almost certain not to provide you with the added security you think that you are gaining. The exact method of doing this is left as an exercise for the reader, as we are not keen on helping you do something that is intrinsically a bad idea. -- Rich Bowen - [EMAIL PROTECTED] Author - Apache Administrator's Guide http://www.ApacheAdmin.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
