httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Houser, Rick" <rick.hou...@jackson.com>
Subject RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.
Date Thu, 16 Mar 2017 13:04:49 GMT
diff -uNr httpd-2.4.12/include/ap_release.h httpd-2.4.12_new/include/ap_release.h
--- httpd-2.4.12/include/ap_release.h   2014-07-15 13:12:30.000000000 -0400
+++ httpd-2.4.12_new/include/ap_release.h       2014-08-06 16:02:19.651002566 -0400
@@ LINE_NUMBERING_ALL_MESSED_UP_NOT_A_REAL_DIFF @@
  *
  * Example: "Apache/1.1.0 MrWidget/0.1-alpha"
  */
-#define AP_SERVER_BASEPROJECT "Apache HTTP Server"
-#define AP_SERVER_BASEPRODUCT "Apache"
+#define AP_SERVER_BASEPROJECT "My Project"
+#define AP_SERVER_BASEPRODUCT "My HTTP Server"

#define AP_SERVER_MINORVERSION_NUMBER 4
#define AP_SERVER_PATCHLEVEL_NUMBER   23
#define AP_SERVER_DEVBUILD_BOOLEAN    0
[


Keep in mind that this change is extremely superficial, and that anyone can see what you have
within a narrow version window anyhow with only a trivial fingerprinting effort.


Rick Houser
Web Administration

From: Yehuda Katz [mailto:yehuda@ymkatz.net]
Sent: Thursday, March 16, 2017 08:47
To: users@httpd.apache.org
Cc: knst.kolinko@gmail.com
Subject: RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

I believe the only way to do that is to recompile HTTPD yourself.

- Y
Sent from a device with a very small keyboard and hyperactive autocorrect.

On Mar 16, 2017 6:02 AM, "Chunduru, Krishnachaithanya" <Krishnachaithanya.Chunduru@broadridge.com<mailto:Krishnachaithanya.Chunduru@broadridge.com>>
wrote:
Hi Konstantin/All,

I have now resolved the problem of the server name and OS version, but I was asked to remove
the Apache name itself from the response headers.

Can someone please let me know how can we achieve this on Aix, in linux we can use the mod_security
but I don't get anything like that in Aix.

Regards,
Krishna


-----Original Message-----
From: Chunduru, Krishnachaithanya [mailto:Krishnachaithanya.Chunduru@broadridge.com<mailto:Krishnachaithanya.Chunduru@broadridge.com>]
Sent: Wednesday, March 15, 2017 6:35 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

Hi,

Below are the entries I have updated in the httpd.conf and tried restarting the apache, but
it didn't started and didn't even gave any errors.

$cat /etc/httpd/conf/httpd.conf | grep -i signature ServerSignature Off

$ cat /etc/httpd/conf/httpd.conf | grep -i tokens ServerTokens Prod

Regards,
Krishna


-----Original Message-----
From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com<mailto:knst.kolinko@gmail.com>]
Sent: Wednesday, March 15, 2017 1:24 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

2017-03-14 14:56 GMT+03:00 Chunduru, Krishnachaithanya
<Krishnachaithanya.Chunduru@broadridge.com<mailto:Krishnachaithanya.Chunduru@broadridge.com>>:
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the
> OS name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not
> starting until these two parameters are removed from the config file.

Thus your edits have an effect. Good.

What are the actual lines, and what was the actual error message?

Check you spelling.  Copy-paste from documentation, if possible.

Try to search if other configuration files define those directives.
(The files included into main httpd.conf file with "Include" directive).


Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<mailto:users-unsubscribe@httpd.apache.org>
For additional commands, e-mail: users-help@httpd.apache.org<mailto:users-help@httpd.apache.org>


This message and any attachments are intended only for the use of the addressee and may contain
information that is privileged and confidential. If the reader of the message is not the intended
recipient or an authorized representative of the intended recipient, you are hereby notified
that any dissemination of this communication is strictly prohibited. If you have received
this communication in error, please notify us immediately by e-mail and delete the message
and any attachments from your system.
 B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB    [  X  ܚX K 
K[XZ[
  \ \  ][  X  ܚX P
 \ X  K ܙ B  ܈ Y  ] [ۘ[    [X[     K[XZ[
  \ \  Z [
 \ X  K ܙ B

This message and any attachments are intended only for the use of the addressee and may contain
information that is privileged and confidential. If the reader of the message is not the intended
recipient or an authorized representative of the intended recipient, you are hereby notified
that any dissemination of this communication is strictly prohibited. If you have received
this communication in error, please notify us immediately by e-mail and delete the message
and any attachments from your system.
Mime
View raw message