Ansgar These settings are set in /etc/apache2/conf.d/security. Changing it
Ansgar there works here. (If you set them in apache2.conf, I suppose you
Ansgar would have to set them after the include directive for conf.d.)
Right ... that stuff lives in /etc/apache2/conf.d/security since Lenny
now. I simply did not know -- it was in /etc/apache2/apache2.conf
before.
Below are my settings which, after restarting Apache, should make Apache
a lot less verbose:
,[ changes applied to a pristine Apache installation ]
| wks-ve10:/etc/apache2# grep -v \# conf.d/security | grep .
| ServerTokens Prod
| ServerSignature Off
| TraceEnable Off
| wks-ve10:/etc/apache2# grep conf.d apache2.conf
| Include /etc/apache2/conf.d/
| wks-ve10:/etc/apache2# dpkg -l apache2-mp* | grep ii
| ii apache2-mpm-worker 2.2.11-5 Apache HTTP Server
- high speed threaded mod
| wks-ve10:/etc/apache2# lsb_release -ric
| Distributor ID: Debian
| Release:testing
| Codename: squeeze
| wks-ve10:/etc/apache2#
`
As the box topic implies, I did not do anything else -- I just installed
apache2-mpm-worker and then made the changes as it can be seen above and
restarted. Now, if I try to visit a site that actually does not exist, I
should get the less verbose information because of ServerSignature Off
and ServerTokens Prod. Well, I should but nothing changes here. What am
I missing?
@Ansgar
You did exactly the same things I as shown above yes?
pgpcYVH0oHy7h.pgp
Description: PGP signature