Eric, Can you let me know the best possible way to hide this banner.
Sukhjeet -----Original Message----- From: Dan Poirier [mailto:[email protected]] Sent: Wednesday, June 10, 2009 6:05 PM To: [email protected] Subject: [us...@httpd] Re: Fixing HTTP Service / Server Version Detected Eric Covener <[email protected]> writes: > On Wed, Jun 10, 2009 at 7:53 AM, Singh, Sukhjeet > <[email protected]> wrote: >> The server allows capture of the HTTP service banner. Service banners can >> contain sensitive information, such as application and Operating System (OS) >> version numbers. An attacker can use the version information from your Web >> server to determine if there are any known vulnerabilities present, or can >> use such information to create attacks towards the specific application or >> OS. > > http://httpd.apache.org/docs/2.2/mod/core.html#servertokens Sukhjeet, you can hide this information, but I wouldn't think it would make your server any more secure. Most attackers will probably just try a bunch of known vulnerabilities without even looking at the OS and version. -- Dan Poirier <[email protected]> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [email protected] " from the digest: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [email protected] " from the digest: [email protected] For additional commands, e-mail: [email protected]
