RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Chunduru, Krishnachaithanya]

Hi Eric,

Can you please help me in recompiling the apache to overcome these issues.

Regards,
Krishna

-Original Message-
From: Eric Covener [mailto:cove...@gmail.com] 
Sent: Thursday, March 16, 2017 10:05 PM
To: users@httpd.apache.org
Cc: knst.koli...@gmail.com
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

On Thu, Mar 16, 2017 at 11:44 AM, Chunduru, Krishnachaithanya 
 wrote:
> Is there a way to do it in the httpd-ssl.conf or from httpd.conf ?


The name of the configuration file is all but meaningless.

If you want to use a feature from some module, load it and configure it.


--
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Eric Covener]

On Thu, Mar 16, 2017 at 11:44 AM, Chunduru, Krishnachaithanya
 wrote:
> Is there a way to do it in the httpd-ssl.conf or from httpd.conf ?


The name of the configuration file is all but meaningless.

If you want to use a feature from some module, load it and configure it.


-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Chunduru, Krishnachaithanya]

Hi Eric,

Thanks for the suggestion.

Is there a way to do it in the httpd-ssl.conf or from httpd.conf ?

Regards,
Krishna

-Original Message-
From: Eric Covener [mailto:cove...@gmail.com] 
Sent: Thursday, March 16, 2017 6:19 PM
To: users@httpd.apache.org
Cc: knst.koli...@gmail.com
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

On Thu, Mar 16, 2017 at 8:47 AM, Yehuda Katz  wrote:
> I believe the only way to do that is to recompile HTTPD yourself.

mod_security is third-party

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Houser, Rick]

diff -uNr httpd-2.4.12/include/ap_release.h 
httpd-2.4.12_new/include/ap_release.h
--- httpd-2.4.12/include/ap_release.h   2014-07-15 13:12:30.0 -0400
+++ httpd-2.4.12_new/include/ap_release.h   2014-08-06 16:02:19.651002566 
-0400
@@ LINE_NUMBERING_ALL_MESSED_UP_NOT_A_REAL_DIFF @@
  *
  * Example: "Apache/1.1.0 MrWidget/0.1-alpha"
  */
-#define AP_SERVER_BASEPROJECT "Apache HTTP Server"
-#define AP_SERVER_BASEPRODUCT "Apache"
+#define AP_SERVER_BASEPROJECT "My Project"
+#define AP_SERVER_BASEPRODUCT "My HTTP Server"

#define AP_SERVER_MINORVERSION_NUMBER 4
#define AP_SERVER_PATCHLEVEL_NUMBER   23
#define AP_SERVER_DEVBUILD_BOOLEAN0
[


Keep in mind that this change is extremely superficial, and that anyone can see 
what you have within a narrow version window anyhow with only a trivial 
fingerprinting effort.


Rick Houser
Web Administration

From: Yehuda Katz [mailto:yeh...@ymkatz.net]
Sent: Thursday, March 16, 2017 08:47
To: users@httpd.apache.org
Cc: knst.koli...@gmail.com
Subject: RE: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

I believe the only way to do that is to recompile HTTPD yourself.

- Y
Sent from a device with a very small keyboard and hyperactive autocorrect.

On Mar 16, 2017 6:02 AM, "Chunduru, Krishnachaithanya" 
mailto:krishnachaithanya.chund...@broadridge.com>>
 wrote:
Hi Konstantin/All,

I have now resolved the problem of the server name and OS version, but I was 
asked to remove the Apache name itself from the response headers.

Can someone please let me know how can we achieve this on Aix, in linux we can 
use the mod_security but I don't get anything like that in Aix.

Regards,
Krishna


-Original Message-
From: Chunduru, Krishnachaithanya 
[mailto:krishnachaithanya.chund...@broadridge.com<mailto:krishnachaithanya.chund...@broadridge.com>]
Sent: Wednesday, March 15, 2017 6:35 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

Hi,

Below are the entries I have updated in the httpd.conf and tried restarting the 
apache, but it didn't started and didn't even gave any errors.

$cat /etc/httpd/conf/httpd.conf | grep -i signature ServerSignature Off

$ cat /etc/httpd/conf/httpd.conf | grep -i tokens ServerTokens Prod

Regards,
Krishna


-Original Message-
From: Konstantin Kolinko 
[mailto:knst.koli...@gmail.com<mailto:knst.koli...@gmail.com>]
Sent: Wednesday, March 15, 2017 1:24 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

2017-03-14 14:56 GMT+03:00 Chunduru, Krishnachaithanya
mailto:krishnachaithanya.chund...@broadridge.com>>:
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the
> OS name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not
> starting until these two parameters are removed from the config file.

Thus your edits have an effect. Good.

What are the actual lines, and what was the actual error message?

Check you spelling.  Copy-paste from documentation, if possible.

Try to search if other configuration files define those directives.
(The files included into main httpd.conf file with "Include" directive).


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: 
users-unsubscr...@httpd.apache.org<mailto:users-unsubscr...@httpd.apache.org>
For additional commands, e-mail: 
users-h...@httpd.apache.org<mailto:users-h...@httpd.apache.org>


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.
 B CB[  
X  ܚX K  K[XZ[
  \ \  ][  X  ܚX P
 \ X  K ܙ B  ܈ Y  ] [ۘ[[X[ K[XZ[
  \ \  Z [
 \ X  K ܙ B

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Eric Covener]

On Thu, Mar 16, 2017 at 8:47 AM, Yehuda Katz  wrote:
> I believe the only way to do that is to recompile HTTPD yourself.

mod_security is third-party

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Yehuda Katz]

I believe the only way to do that is to recompile HTTPD yourself.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Mar 16, 2017 6:02 AM, "Chunduru, Krishnachaithanya" <
krishnachaithanya.chund...@broadridge.com> wrote:

> Hi Konstantin/All,
>
> I have now resolved the problem of the server name and OS version, but I
> was asked to remove the Apache name itself from the response headers.
>
> Can someone please let me know how can we achieve this on Aix, in linux we
> can use the mod_security but I don't get anything like that in Aix.
>
> Regards,
> Krishna
>
>
> -Original Message-
> From: Chunduru, Krishnachaithanya [mailto:Krishnachaithanya.
> chund...@broadridge.com]
> Sent: Wednesday, March 15, 2017 6:35 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
> Hi,
>
> Below are the entries I have updated in the httpd.conf and tried
> restarting the apache, but it didn't started and didn't even gave any
> errors.
>
> $cat /etc/httpd/conf/httpd.conf | grep -i signature ServerSignature Off
>
> $ cat /etc/httpd/conf/httpd.conf | grep -i tokens ServerTokens Prod
>
> Regards,
> Krishna
>
>
> -Original Message-
> From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
> Sent: Wednesday, March 15, 2017 1:24 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
> 2017-03-14 14:56 GMT+03:00 Chunduru, Krishnachaithanya
> :
> > Hi All,
> >
> >
> >
> > Can anyone please let me know how to hide the apache version and the
> > OS name running on Aix server.
> >
> >
> >
> > The servertokens or the server signature fields are set to PROD and
> > signature off, then I tried restarting the httpd but apache was not
> > starting until these two parameters are removed from the config file.
>
> Thus your edits have an effect. Good.
>
> What are the actual lines, and what was the actual error message?
>
> Check you spelling.  Copy-paste from documentation, if possible.
>
> Try to search if other configuration files define those directives.
> (The files included into main httpd.conf file with "Include" directive).
>
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>  B CB
>   [  X  ܚX K  K[XZ[
>   \ \  ][  X  ܚX P
>  \ X  K ܙ B  ܈ Y  ] [ۘ[[X[ K[XZ[
>   \ \  Z [
>  \ X  K ܙ B
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Chunduru, Krishnachaithanya]

Hi Konstantin/All,

I have now resolved the problem of the server name and OS version, but I was 
asked to remove the Apache name itself from the response headers. 

Can someone please let me know how can we achieve this on Aix, in linux we can 
use the mod_security but I don't get anything like that in Aix.

Regards,
Krishna


-Original Message-
From: Chunduru, Krishnachaithanya 
[mailto:krishnachaithanya.chund...@broadridge.com] 
Sent: Wednesday, March 15, 2017 6:35 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

Hi,

Below are the entries I have updated in the httpd.conf and tried restarting the 
apache, but it didn't started and didn't even gave any errors.

$cat /etc/httpd/conf/httpd.conf | grep -i signature ServerSignature Off

$ cat /etc/httpd/conf/httpd.conf | grep -i tokens ServerTokens Prod

Regards,
Krishna


-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Wednesday, March 15, 2017 1:24 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

2017-03-14 14:56 GMT+03:00 Chunduru, Krishnachaithanya
:
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the 
> OS name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and 
> signature off, then I tried restarting the httpd but apache was not 
> starting until these two parameters are removed from the config file.

Thus your edits have an effect. Good.

What are the actual lines, and what was the actual error message?

Check you spelling.  Copy-paste from documentation, if possible.

Try to search if other configuration files define those directives.
(The files included into main httpd.conf file with "Include" directive).


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.
B CB  [  
X  ܚX KK[XZ[
 \ \  ][  X  ܚX P
 \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
 \ \  Z[
 \X K ܙ B

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Mitchell Krog Photography]

I’ve tested on CentOS 6.8, Apache 2.2.15

Both

*ServerTokens PROD*
*ServerSignature Off*

Work perfectly and do not affect the starting of the server.

Secondly have you actually ever run a configtest?

*apachectl configtest*

If you copy and paste the the ServerTokens and ServerSignature lines above
exactly as I have them they will work. If not then you have messed up
something else in your httpd.conf file which is why a configtest is so
important.

I attach a very basic httpd.conf which you can try, it’s as basic as it
gets.

Regards
Mitchell



From: Chunduru, Krishnachaithanya


Reply: users@httpd.apache.org 

Date: 15 March 2017 at 3:05:15 PM
To: users@httpd.apache.org  
Subject:  RE: [users@httpd] Hiding Apache version info on the Aix server
for Apache.

Hi,

Below are the entries I have updated in the httpd.conf and tried restarting
the apache, but it didn't started and didn't even gave any errors.

$cat /etc/httpd/conf/httpd.conf | grep -i signature
ServerSignature Off

$ cat /etc/httpd/conf/httpd.conf | grep -i tokens
ServerTokens Prod

Regards,
Krishna


-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Wednesday, March 15, 2017 1:24 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for
Apache.

2017-03-14 14:56 GMT+03:00 Chunduru, Krishnachaithanya
:
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the
> OS name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not
> starting until these two parameters are removed from the config file.

Thus your edits have an effect. Good.

What are the actual lines, and what was the actual error message?

Check you spelling. Copy-paste from documentation, if possible.

Try to search if other configuration files define those directives.
(The files included into main httpd.conf file with "Include" directive).


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


This message and any attachments are intended only for the use of the
addressee and may contain information that is privileged and confidential.
If the reader of the message is not the intended recipient or an authorized
representative of the intended recipient, you are hereby notified that any
dissemination of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
e-mail and delete the message and any attachments from your system.
B‹CB• È
[œÝXœØÜšX™K K[XZ[ ˆ \Ù\œË][œÝXœØÜšX™P ˜\ XÚ K›Ü™ÃB‘›Üˆ Y ] [Û˜[ ÛÛ[X[™ Ë
K[XZ[ ˆ \Ù\œËZ [ ˜\ XÚ K›Ü™ÃB


httpd.conf
Description: Binary data

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Chunduru, Krishnachaithanya]

Hi,

Below are the entries I have updated in the httpd.conf and tried restarting the 
apache, but it didn't started and didn't even gave any errors.

$cat /etc/httpd/conf/httpd.conf | grep -i signature
ServerSignature Off

$ cat /etc/httpd/conf/httpd.conf | grep -i tokens
ServerTokens Prod

Regards,
Krishna


-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: Wednesday, March 15, 2017 1:24 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

2017-03-14 14:56 GMT+03:00 Chunduru, Krishnachaithanya
:
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the 
> OS name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and 
> signature off, then I tried restarting the httpd but apache was not 
> starting until these two parameters are removed from the config file.

Thus your edits have an effect. Good.

What are the actual lines, and what was the actual error message?

Check you spelling.  Copy-paste from documentation, if possible.

Try to search if other configuration files define those directives.
(The files included into main httpd.conf file with "Include" directive).


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Konstantin Kolinko]

2017-03-14 14:56 GMT+03:00 Chunduru, Krishnachaithanya
:
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the OS name
> running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not starting
> until these two parameters are removed from the config file.

Thus your edits have an effect. Good.

What are the actual lines, and what was the actual error message?

Check you spelling.  Copy-paste from documentation, if possible.

Try to search if other configuration files define those directives.
(The files included into main httpd.conf file with "Include" directive).


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Mitchell Krog Photography]

Sorry typo ….  /etc/apache2/conf-available/security.conf



From: Chunduru, Krishnachaithanya


Reply: users@httpd.apache.org 

Date: 14 March 2017 at 1:56:04 PM
To: users@httpd.apache.org  
Subject:  [users@httpd] Hiding Apache version info on the Aix server for
Apache.

Hi All,



Can anyone please let me know how to hide the apache version and the OS
name running on Aix server.



The servertokens or the server signature fields are set to PROD and
signature off, then I tried restarting the httpd but apache was not
starting until these two parameters are removed from the config file.



*Regards,*

*Krishna*



This message and any attachments are intended only for the use of the
addressee and may contain information that is privileged and confidential.
If the reader of the message is not the intended recipient or an authorized
representative of the intended recipient, you are hereby notified that any
dissemination of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
e-mail and delete the message and any attachments from your system.

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Mitchell Krog Photography]

What happens you run a configtest ??? On your distro it could be either

sudo apachectl configtest

or

sudo apache2ctl configtest


Really wish package maintainers would agree on some kind of layout standard
of the apache directory structure between distro’s.




From: Yehuda Katz  
Reply: Yehuda Katz  
Date: 14 March 2017 at 3:58:48 PM
To: users@httpd.apache.org  
Cc: Mitchell Krog Photography 

Subject:  Re: [users@httpd] Hiding Apache version info on the Aix server
for Apache.

HTTPD should be logging somewhere, often /var/log/httpd or
/var/log/apache2. See if there is an error there.

- Y

On Tue, Mar 14, 2017 at 9:35 AM, Chunduru, Krishnachaithanya <
krishnachaithanya.chund...@broadridge.com> wrote:

> Hi,
>
>
>
> No, I was not getting any error. When the script is executed, it is giving
> message like “starting Apache” later when we are checking the process is
> not running.
>
>
>
> I can’t even find the /etc/conf-* dir in our Aix server.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
> * From:* Yehuda Katz [mailto:yeh...@ymkatz.net]
> *Sent:* Tuesday, March 14, 2017 7:02 PM
> *To:* users@httpd.apache.org
> *Cc:* Mitchell Krog Photography
>
> *Subject:* Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
>
>
> /etc/conf-available/security.conf is part of the Debian/Ubuntu packaged
> layout of HTTPD, not standard.
>
>
>
> Do you get an error when you try to start up the server?
>
>
>
> - Y
>
>
>
> On Tue, Mar 14, 2017 at 9:08 AM, Chunduru, Krishnachaithanya <
> krishnachaithanya.chund...@broadridge.com> wrote:
>
> Hi,
>
>
>
> I couldn’t find the file security.conf.
>
>
>
> We are having 2.4.x version running. I have only /etc/httpd/ dir, but not
> /etc/apache2. Can you please help me if there are any other files to check.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
> * From:* Mitchell Krog Photography [mailto:mitchellk...@gmail.com]
> *Sent:* Tuesday, March 14, 2017 5:54 PM
> *To:* Chunduru, Krishnachaithanya; users@httpd.apache.org
> *Subject:* Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
>
>
> Sorry typo ….  /etc/apache2/conf-available/security.conf
>
>
>
>
>
>
> From: Chunduru, Krishnachaithanya  broadridge.com> 
> Reply: users@httpd.apache.org 
> 
> Date: 14 March 2017 at 1:56:04 PM
> To: users@httpd.apache.org 
> 
> Subject:  [users@httpd] Hiding Apache version info on the Aix server for
> Apache.
>
>
>
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the OS
> name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not
> starting until these two parameters are removed from the config file.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Yehuda Katz]

HTTPD should be logging somewhere, often /var/log/httpd or
/var/log/apache2. See if there is an error there.

- Y

On Tue, Mar 14, 2017 at 9:35 AM, Chunduru, Krishnachaithanya <
krishnachaithanya.chund...@broadridge.com> wrote:

> Hi,
>
>
>
> No, I was not getting any error. When the script is executed, it is giving
> message like “starting Apache” later when we are checking the process is
> not running.
>
>
>
> I can’t even find the /etc/conf-* dir in our Aix server.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
> *From:* Yehuda Katz [mailto:yeh...@ymkatz.net]
> *Sent:* Tuesday, March 14, 2017 7:02 PM
> *To:* users@httpd.apache.org
> *Cc:* Mitchell Krog Photography
>
> *Subject:* Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
>
>
> /etc/conf-available/security.conf is part of the Debian/Ubuntu packaged
> layout of HTTPD, not standard.
>
>
>
> Do you get an error when you try to start up the server?
>
>
>
> - Y
>
>
>
> On Tue, Mar 14, 2017 at 9:08 AM, Chunduru, Krishnachaithanya <
> krishnachaithanya.chund...@broadridge.com> wrote:
>
> Hi,
>
>
>
> I couldn’t find the file security.conf.
>
>
>
> We are having 2.4.x version running. I have only /etc/httpd/ dir, but not
> /etc/apache2. Can you please help me if there are any other files to check.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
> *From:* Mitchell Krog Photography [mailto:mitchellk...@gmail.com]
> *Sent:* Tuesday, March 14, 2017 5:54 PM
> *To:* Chunduru, Krishnachaithanya; users@httpd.apache.org
> *Subject:* Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
>
>
> Sorry typo ….  /etc/apache2/conf-available/security.conf
>
>
>
>
>
>
> From: Chunduru, Krishnachaithanya  broadridge.com> 
> Reply: users@httpd.apache.org 
> 
> Date: 14 March 2017 at 1:56:04 PM
> To: users@httpd.apache.org 
> 
> Subject:  [users@httpd] Hiding Apache version info on the Aix server for
> Apache.
>
>
>
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the OS
> name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not
> starting until these two parameters are removed from the config file.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Chunduru, Krishnachaithanya]

Hi,

No, I was not getting any error. When the script is executed, it is giving 
message like “starting Apache” later when we are checking the process is not 
running.

I can’t even find the /etc/conf-* dir in our Aix server.

Regards,
Krishna

From: Yehuda Katz [mailto:yeh...@ymkatz.net]
Sent: Tuesday, March 14, 2017 7:02 PM
To: users@httpd.apache.org
Cc: Mitchell Krog Photography
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

/etc/conf-available/security.conf is part of the Debian/Ubuntu packaged layout 
of HTTPD, not standard.

Do you get an error when you try to start up the server?

- Y

On Tue, Mar 14, 2017 at 9:08 AM, Chunduru, Krishnachaithanya 
mailto:krishnachaithanya.chund...@broadridge.com>>
 wrote:
Hi,

I couldn’t find the file security.conf.

We are having 2.4.x version running. I have only /etc/httpd/ dir, but not 
/etc/apache2. Can you please help me if there are any other files to check.

Regards,
Krishna

From: Mitchell Krog Photography 
[mailto:mitchellk...@gmail.com<mailto:mitchellk...@gmail.com>]
Sent: Tuesday, March 14, 2017 5:54 PM
To: Chunduru, Krishnachaithanya; 
users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

Sorry typo ….  /etc/apache2/conf-available/security.conf



From: Chunduru, Krishnachaithanya 
<mailto:krishnachaithanya.chund...@broadridge.com>
Reply: users@httpd.apache.org<mailto:users@httpd.apache.org> 
<mailto:users@httpd.apache.org>
Date: 14 March 2017 at 1:56:04 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org> 
<mailto:users@httpd.apache.org>
Subject:  [users@httpd] Hiding Apache version info on the Aix server for Apache.

Hi All,

Can anyone please let me know how to hide the apache version and the OS name 
running on Aix server.

The servertokens or the server signature fields are set to PROD and signature 
off, then I tried restarting the httpd but apache was not starting until these 
two parameters are removed from the config file.

Regards,
Krishna


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Yehuda Katz]

/etc/conf-available/security.conf is part of the Debian/Ubuntu packaged
layout of HTTPD, not standard.

Do you get an error when you try to start up the server?

- Y

On Tue, Mar 14, 2017 at 9:08 AM, Chunduru, Krishnachaithanya <
krishnachaithanya.chund...@broadridge.com> wrote:

> Hi,
>
>
>
> I couldn’t find the file security.conf.
>
>
>
> We are having 2.4.x version running. I have only /etc/httpd/ dir, but not
> /etc/apache2. Can you please help me if there are any other files to check.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
> *From:* Mitchell Krog Photography [mailto:mitchellk...@gmail.com]
> *Sent:* Tuesday, March 14, 2017 5:54 PM
> *To:* Chunduru, Krishnachaithanya; users@httpd.apache.org
> *Subject:* Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
>
>
> Sorry typo ….  /etc/apache2/conf-available/security.conf
>
>
>
>
>
>
> From: Chunduru, Krishnachaithanya  broadridge.com> 
> Reply: users@httpd.apache.org 
> 
> Date: 14 March 2017 at 1:56:04 PM
> To: users@httpd.apache.org 
> 
> Subject:  [users@httpd] Hiding Apache version info on the Aix server for
> Apache.
>
>
>
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the OS
> name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not
> starting until these two parameters are removed from the config file.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Chunduru, Krishnachaithanya]

Hi,

I couldn’t find the file security.conf.

We are having 2.4.x version running. I have only /etc/httpd/ dir, but not 
/etc/apache2. Can you please help me if there are any other files to check.

Regards,
Krishna

From: Mitchell Krog Photography [mailto:mitchellk...@gmail.com]
Sent: Tuesday, March 14, 2017 5:54 PM
To: Chunduru, Krishnachaithanya; users@httpd.apache.org
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for 
Apache.

Sorry typo ….  /etc/apache2/conf-available/security.conf



From: Chunduru, Krishnachaithanya 
<mailto:krishnachaithanya.chund...@broadridge.com>
Reply: users@httpd.apache.org<mailto:users@httpd.apache.org> 
<mailto:users@httpd.apache.org>
Date: 14 March 2017 at 1:56:04 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org> 
<mailto:users@httpd.apache.org>
Subject:  [users@httpd] Hiding Apache version info on the Aix server for Apache.


Hi All,

Can anyone please let me know how to hide the apache version and the OS name 
running on Aix server.

The servertokens or the server signature fields are set to PROD and signature 
off, then I tried restarting the httpd but apache was not starting until these 
two parameters are removed from the config file.

Regards,
Krishna


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Mitchell Krog Photography]

Not sure what version of apache you are using but in versions 2.4.x the
modification is done in /etc/conf-available/security.conf and not in the
http.conf or apache2.conf file.



From: Chunduru, Krishnachaithanya


Reply: users@httpd.apache.org 

Date: 14 March 2017 at 1:56:04 PM
To: users@httpd.apache.org  
Subject:  [users@httpd] Hiding Apache version info on the Aix server for
Apache.

Hi All,



Can anyone please let me know how to hide the apache version and the OS
name running on Aix server.



The servertokens or the server signature fields are set to PROD and
signature off, then I tried restarting the httpd but apache was not
starting until these two parameters are removed from the config file.



*Regards,*

*Krishna*



This message and any attachments are intended only for the use of the
addressee and may contain information that is privileged and confidential.
If the reader of the message is not the intended recipient or an authorized
representative of the intended recipient, you are hereby notified that any
dissemination of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
e-mail and delete the message and any attachments from your system.