Re: How to remove Apache version info from headers?
This is a discussion on Re: How to remove Apache version info from headers? within the Apache Web Server forums, part of the Web Server and Related Forums category; nickyboy wrote: > "Richard" <harding36@hotmail.com> wrote in message > news:3d438c91.0305021350.4a3fabd8@posting....
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-16-2003
|
|||
|
|||
Re: How to remove Apache version info from headers?
nickyboy wrote:
> "Richard" <harding36@hotmail.com> wrote in message > news:3d438c91.0305021350.4a3fabd8@posting.google.c om... > >>I've been experimenting with the netcat utility lately and found that >>I could access my local Apache server with a command like this: >> >>nc -v localhost 80 >> >>I then execute a command like this: >> >>HEAD / HTTP/1.0 >> >>...and hit 2 carriage returns. I then receive this: >> >>HTTP/1.1 200 OK >>Date: Fri, 06 December 2052 16:26:61 GMT >>Server: Apache/1.2.15 (Win32) >>X-Powered-By: PHP/3.2.0 >>Connection: close >>Content-Type: text/html >> >>I don't want people to be able to access my server like this and be >>able to tell what versions of Apache and PHP I am running. >> >>How can I remove these details from the banner header that gets sent >>back when executing a HEAD, GET, or POST command as demonstrated >>above? > > > Almost every webserver includes those sorts of details in the reply - it's > pretty standard stuff but most browsers don't display the results to > users.... > You could try using the "Header" command and "Header unset Server" - I've > used "Header unset Cache-Control" in the past to modify things like the > no-cache headers... > > hth > nickyboy > > There is a direct method: "ServerTokens Product" in httpd.conf. You need to verify that this is compatable with your version. Note that your information may be "cached " at sites like www.netcraft.com. |
|
07-16-2003
|
|||
|
|||
|
Re: How to remove Apache version info from headers?
Hi every
this is pretty much the HTTP protocol, i.e. the transport protocol for HTML. In general you cannot supress it entirely if you want to run a Web Server. so your question should not be "how do I suppress the HTTP protocol?" but "Do I really need to run a Web Server?" suomi Sean Carlos wrote: > nickyboy wrote: > >> "Richard" <harding36@hotmail.com> wrote in message >> news:3d438c91.0305021350.4a3fabd8@posting.google.c om... >> >>> I've been experimenting with the netcat utility lately and found that >>> I could access my local Apache server with a command like this: >>> >>> nc -v localhost 80 >>> >>> I then execute a command like this: >>> >>> HEAD / HTTP/1.0 >>> >>> ...and hit 2 carriage returns. I then receive this: >>> >>> HTTP/1.1 200 OK >>> Date: Fri, 06 December 2052 16:26:61 GMT >>> Server: Apache/1.2.15 (Win32) >>> X-Powered-By: PHP/3.2.0 >>> Connection: close >>> Content-Type: text/html >>> >>> I don't want people to be able to access my server like this and be >>> able to tell what versions of Apache and PHP I am running. >>> >>> How can I remove these details from the banner header that gets sent >>> back when executing a HEAD, GET, or POST command as demonstrated >>> above? >> >> >> >> Almost every webserver includes those sorts of details in the reply - >> it's >> pretty standard stuff but most browsers don't display the results to >> users.... >> You could try using the "Header" command and "Header unset Server" - I've >> used "Header unset Cache-Control" in the past to modify things like the >> no-cache headers... >> >> hth >> nickyboy >> >> > There is a direct method: "ServerTokens Product" in httpd.conf. You > need to verify that this is compatable with your version. Note that > your information may be "cached " at sites like www.netcraft.com. > |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 07:41 AM.
