Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Reconfiguring Apache web server information 1
- Thread starter LearnerAu
- Start date
Hi,
I can personally understand wanting to do this but don`t even know where to start!!
If you changed the version number and even the type, when scanned the returned version and type would show different from the actual "real" details.
This means that, lets say a hacker is looking for a server running apache 1.3.14 because that server has a particular security flaw that has just been discovered. They scan your site and the version returned is different so they ignore this machine at present rather than accessing your files.
If your returned version is the same as the one they are looking for then they try to gain access with this particular flaw, but no access is gained because you are not running the server they think you are...
Keeping up? No neither am I.. LOL
I will scout the internet to try and find an answer to this..
Hope this helps Wullie
I can personally understand wanting to do this but don`t even know where to start!!
If you changed the version number and even the type, when scanned the returned version and type would show different from the actual "real" details.
This means that, lets say a hacker is looking for a server running apache 1.3.14 because that server has a particular security flaw that has just been discovered. They scan your site and the version returned is different so they ignore this machine at present rather than accessing your files.
If your returned version is the same as the one they are looking for then they try to gain access with this particular flaw, but no access is gained because you are not running the server they think you are...
Keeping up? No neither am I.. LOL
I will scout the internet to try and find an answer to this..
Hope this helps Wullie
-
1
- #3
Hi,
As far as I can see you need to edit the \wherever\apache_1.3.23\src\include\httpd.h file :
/*
* The below defines the base string of the Server: header. Additional
* tokens can be added via the ap_add_version_component() API call.
*
* The tokens are listed in order of their significance for identifying the
* application.
*
* "Product tokens should be short and to the point -- use of them for
* advertizing or other non-essential information is explicitly forbidden."
*
* Example: "Apache/1.1.0 MrWidget/0.1-alpha"
*/
#define SERVER_BASEVENDOR "Apache Group"
#define SERVER_BASEPRODUCT "Apache"
#define SERVER_BASEREVISION "1.3.23"
#define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
#define SERVER_PRODUCT SERVER_BASEPRODUCT
#define SERVER_REVISION SERVER_BASEREVISION
#define SERVER_VERSION SERVER_PRODUCT "/" SERVER_REVISION
enum server_token_type {
SrvTk_MIN, /* eg: Apache/1.3.0 */
SrvTk_OS, /* eg: Apache/1.3.0 (UNIX) */
SrvTk_FULL, /* eg: Apache/1.3.0 (UNIX) PHP/3.0 FooBar/1.2b */
SrvTk_PRODUCT_ONLY /* eg: Apache */
};
... and then recompile. I.e. it doesn't appear to be something that can be overridden in a config file .
Hope this helps
As far as I can see you need to edit the \wherever\apache_1.3.23\src\include\httpd.h file :
/*
* The below defines the base string of the Server: header. Additional
* tokens can be added via the ap_add_version_component() API call.
*
* The tokens are listed in order of their significance for identifying the
* application.
*
* "Product tokens should be short and to the point -- use of them for
* advertizing or other non-essential information is explicitly forbidden."
*
* Example: "Apache/1.1.0 MrWidget/0.1-alpha"
*/
#define SERVER_BASEVENDOR "Apache Group"
#define SERVER_BASEPRODUCT "Apache"
#define SERVER_BASEREVISION "1.3.23"
#define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
#define SERVER_PRODUCT SERVER_BASEPRODUCT
#define SERVER_REVISION SERVER_BASEREVISION
#define SERVER_VERSION SERVER_PRODUCT "/" SERVER_REVISION
enum server_token_type {
SrvTk_MIN, /* eg: Apache/1.3.0 */
SrvTk_OS, /* eg: Apache/1.3.0 (UNIX) */
SrvTk_FULL, /* eg: Apache/1.3.0 (UNIX) PHP/3.0 FooBar/1.2b */
SrvTk_PRODUCT_ONLY /* eg: Apache */
};
... and then recompile. I.e. it doesn't appear to be something that can be overridden in a config file .
Hope this helps
- Status