...Server: Apache/2.0.55 (Debian) PHP/5.1.2
Apache by default with most packaged distributions will display the Apache version you are running in a signature and generally any other modules loaded into it too. This can be a problem if you are running old versions with know security issues.
So if doing an upgrade is an inconvenience then perhaps masking the server signature is the way to go.
First we'll begin with PHP. If you navigate to your php.ini file (generally stored in /etc/php5/apache2/), you'll find the expose_php is set to "On". We can turn this off by simply typing in "Off".
Apache itself will sign the version number running too. Again a security issue. If you open the apache2.conf file (generally in /etc/apache2/), you can turn this off with setting:
ServerTokens ProductOnly
Or perhaps you want to scrap it all together:
ServerSignature Off
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Sunday, February 11, 2007
Subscribe to:
Posts (Atom)