EvilOctal Security Team Technical Discussion Group's Archiver

冰血封情 2004-10-6 03:29

[Repost] How to stop your Apache from echoing its version

Article author: Yiming Gong (the veteran Gong Yiming)

By default Apache echoes its version number back to the client. You can test this as follows: from the client, use nc to connect to port 80 on the host running Apache and send a malformed GET request:

yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/x.y.z Server at security.zz.ha.cn Port 80</address>
</body></html>


We can see the Apache version number displayed above (:) I've hidden the real version). That's not ideal; can we change it?
The answer is yes!
Edit Apache's configuration file, find the two directives ServerTokens and ServerSignature, and change their default values as follows:

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off

After making the changes, restart Apache and look again:
yiming# nc security.zz.ha.cn 80
get index.lakdsjf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
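Here is an added self-check script (not part of the original post or of Apache) that classifies an Apache error response by the two signals the directives above control: ServerTokens sets the `Server:` response header, and ServerSignature adds the `<address>` footer to server-generated pages. Note that the post's transcript sends a bare `get index.lakdsjf` with no HTTP version, so Apache answers HTTP/0.9-style with no headers at all, which is why only the footer line differs between the two transcripts. The script therefore sends an HTTP/1.0 request when probing a real host. The two sample responses, the version 9.9.9, the host www.example.com and the module name mod_example are constructed placeholders; `probe_host` assumes nc is installed.

```shell
#!/bin/sh
# Added example, not from the original post: classify an Apache error
# response by the two signals the post's directives control.
#   ServerTokens    -> the "Server:" response header
#   ServerSignature -> the <address> footer on server-generated pages
# Version 9.9.9, host www.example.com and mod_example are constructed
# placeholders; both responses below are constructed HTTP/1.0 replies.

RESP_DEFAULT='HTTP/1.1 400 Bad Request
Server: Apache/9.9.9 (Unix) mod_example/1.0
Content-Type: text/html; charset=iso-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr />
<address>Apache/9.9.9 Server at www.example.com Port 80</address>
</body></html>'

RESP_HARDENED='HTTP/1.1 400 Bad Request
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>'

# Print the value of the Server: header (empty if absent). Only the header
# section is scanned, so a "Server:" string inside the body is ignored.
get_server_header() {
    printf '%s\n' "$1" | awk '
        NR == 1 { next }                   # status line
        /^\r?$/ { exit }                   # blank line ends the headers
        tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")
            sub(/\r$/, "")
            print
            exit
        }'
}

# Map the Server: header back to the ServerTokens level that produces it
# (Prod: "Apache", Major: "Apache/2", Minor: "Apache/2.0",
#  Minimal: "Apache/2.0.41", OS: adds "(Unix)", Full: adds module list).
server_tokens_level() {
    hdr=$(get_server_header "$1")
    if [ -z "$hdr" ]; then echo none
    elif [ "$hdr" = "Apache" ]; then echo Prod
    elif printf '%s' "$hdr" | grep -Eq '^Apache/[0-9]+$'; then echo Major
    elif printf '%s' "$hdr" | grep -Eq '^Apache/[0-9]+\.[0-9]+$'; then echo Minor
    elif printf '%s' "$hdr" | grep -Eq '^Apache/[0-9]+\.[0-9]+\.[0-9]+$'; then echo Minimal
    elif printf '%s' "$hdr" | grep -Eq '^Apache/[0-9]+\.[0-9]+\.[0-9]+ \([^)]*\)$'; then echo OS
    elif printf '%s' "$hdr" | grep -Eq '^Apache/[0-9]+\.[0-9]+\.[0-9]+ \([^)]*\) .+$'; then echo Full
    else echo unknown
    fi
}

# "On" if the server-generated page carries the ServerSignature footer.
server_signature() {
    if printf '%s\n' "$1" | grep -q '<address>'; then echo On; else echo Off; fi
}

# Succeeds only when both directives are at the settings the post recommends.
is_hardened() {
    [ "$(server_tokens_level "$1")" = "Prod" ] && [ "$(server_signature "$1")" = "Off" ]
}

report() {
    printf 'ServerTokens level: %s\nServerSignature:    %s\n' \
        "$(server_tokens_level "$1")" "$(server_signature "$1")"
}

# Fetch a response from a host you administer. HTTP/1.0 rather than the
# post's bare "get", so the Server: header is included in the reply.
probe_host() {
    printf 'GET /does-not-exist HTTP/1.0\r\nHost: %s\r\n\r\n' "$1" | nc "$1" "${2:-80}"
}

echo "== constructed default response =="
report "$RESP_DEFAULT"
echo "== constructed hardened response =="
report "$RESP_HARDENED"
```

After editing httpd.conf and restarting, `report "$(probe_host your.host)"` should print `Prod` and `Off`. Keep in mind that `ServerTokens Prod` still announces the product name `Apache`; that is the least the directive can reveal.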

© 1999-2008 EvilOctal Security Team