Deocs Postmaster wrote:
> From telnet HEAD / HTTP/1.0 returns the type of server,
> installed modules, and other information.
> Why is this information so openly disclosed, and is
> there an easy way to disable or modify it?

Do you think hiding your Apache version number will save you from
hackers? Security through obscurity is no security. A typical hack
program looks like this:

    foreach (@list_of_hosts_to_hack) {
        my $version = get_apache_version_number($_);
        if (defined($version)) {
            do_fiendish_hack($_);
        }
        else {
            # Drat! hackee has hidden version number!
            do_fiendish_hack_anyway($_);
        }
    }

If you really want to hide it, use the ServerTokens directive.
Rgds,
Owen Boyle.
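
Added example, not part of the original message: a small check an administrator can run over a captured HEAD response from their own server to see which ServerTokens level the Server header corresponds to and which module tokens it still lists. The function names and the sample responses (including their version strings) are constructed for illustration.

```python
import re

# Shape of the Server header at each ServerTokens level, most verbose first.
_LEVELS = [
    ("Full",  re.compile(r"^Apache/\d+\.\d+\.\d+ \([^)]+\) \S")),
    ("OS",    re.compile(r"^Apache/\d+\.\d+\.\d+ \([^)]+\)$")),
    ("Min",   re.compile(r"^Apache/\d+\.\d+\.\d+$")),
    ("Minor", re.compile(r"^Apache/\d+\.\d+$")),
    ("Major", re.compile(r"^Apache/\d+$")),
    ("Prod",  re.compile(r"^Apache$")),
]

# Constructed sample responses, as returned by "HEAD / HTTP/1.0".
SAMPLE_FULL = ("HTTP/1.1 200 OK\r\n"
               "Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b\r\n"
               "Content-Type: text/html\r\n\r\n")
SAMPLE_PROD = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

def server_header(raw_response):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def token_level(raw_response):
    """Name the ServerTokens level that would produce this Server header."""
    value = server_header(raw_response)
    if value is None:
        return "absent"
    for level, pattern in _LEVELS:
        if pattern.match(value):
            return level
    return "non-Apache"

def disclosed_modules(raw_response):
    """List the product tokens that follow the (OS) comment, e.g. mod_ssl/x.y."""
    value = server_header(raw_response) or ""
    m = re.match(r"^Apache/\S+ \([^)]+\) (.+)$", value)
    return m.group(1).split() if m else []

if __name__ == "__main__":
    for sample in (SAMPLE_FULL, SAMPLE_PROD):
        print(token_level(sample), disclosed_modules(sample))
```
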