James, I think you're misreading his use of telnet. I think what he
means to say is 'when I telnet to port 80 ..'
In any case, I can see why one would want to make it harder for someone
to exploit unknown exploits (if that makes sense).

If you wish to modify the string returned by HEAD simply edit your
apache_src_dist/src/includes/httpd.h after you've configured:
httpd.h:430: #define SERVER_BASEVERSION "Apache/Hiden Version"       /* SEE COMMENTS ABOVE */
httpd.h:431: #define SERVER_VERSION  SERVER_BASEVERSION

then our resulting query of HEAD:

$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.0 OK

HTTP/1.1 200 OK
Date: Mon, 07 May 2001 15:08:11 GMT
Server: Apache/Hiden Version (Unix)
Connection: close
Content-Type: text/html


Have fun ;-)


James Hastings-Trew wrote:
> 
> on 5/7/01 5:34 AM, Deocs Postmaster at [EMAIL PROTECTED] wrote:
> 
> > From telnet this command returns the type of server,
> > installed modules, and other information.  That info
> > is tabulated and tracked by www.netcraft.com (who also
> > infers the operating system) and can help an attacker
> > find a website's vulnerabilities.
> 
> You want to run a secure server but you have telnet access to it. Seems like
> the server info is the least of your security problems.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
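
An added example, not part of the original message or of the Apache/mod_ssl code: a small audit that parses the Server header from a HEAD response and lists what it still discloses. The function names and both sample responses are constructed for illustration; the first sample mirrors the patched banner shown in the message.

```python
import re

# Constructed sample responses (not captured traffic). PATCHED mirrors the
# banner from the message; VERBOSE is a constructed unmodified-style banner.
PATCHED = (b"HTTP/1.1 200 OK\r\nDate: Mon, 07 May 2001 15:08:11 GMT\r\n"
           b"Server: Apache/Hiden Version (Unix)\r\nConnection: close\r\n\r\n")
VERBOSE = (b"HTTP/1.1 200 OK\r\n"
           b"Server: Apache/1.3.19 (Unix) mod_ssl/2.8.2 OpenSSL/0.9.6\r\n\r\n")

# One Server token: either a "(comment)" or "product[/version]".
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/(\S+))?")


def server_header(raw):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def disclosures(banner):
    """List (kind, detail) items a Server banner gives away."""
    findings = []
    for comment, product, version in TOKEN.findall(banner or ""):
        if comment:
            # Parenthesised comments usually carry the platform, e.g. (Unix).
            findings.append(("platform", comment))
        elif version and re.search(r"\d", version):
            # A numeric version lets a reader map the host to known advisories.
            kind = "module" if product.lower().startswith("mod_") else "version"
            findings.append((kind, product + "/" + version))
    return findings


if __name__ == "__main__":
    for label, raw in (("patched", PATCHED), ("verbose", VERBOSE)):
        banner = server_header(raw)
        print(label, repr(banner), disclosures(banner))
```

On the patched banner the only remaining finding is the `(Unix)` platform comment, which the `SERVER_BASEVERSION` edit does not remove.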