Apache Server Token changing

My friend (xoff) showed me his trick about ServerToken changing. It looks nice, and can be a little bit more secure (for sure it kills the robots) than line simply showed by my apache server:

Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7………

Can be limited by changing in your apache.conf:

ServerTokens Full

to:

ServerTokens Prod

note that if no option is set the default is Full (read more at apache documentation)

But if you really want to have somethins different, just use mod_security module, and add

SecServerSignature “someCOOLapacheName v1.1.1.1.1.1.0″

note that you have to set ServerTokens to Full option to see the effects of SecServerSignature.

Tags: , , ,

Wednesday, December 12th, 2007 Linux, Security, Tips

No comments yet.

Leave a comment

Categories

Archive

Links

Meta