OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: [suse-security] making Apache hide info.
From: Yuri Robbers (yurirulbii.leidenuniv.nl)
Date: Fri Oct 06 2000 - 11:55:30 CDT

Hi all!

I always try to hide as many details about the services I'm running as
possible. I don't want, for example, my ftpd to tell everyone that it's
ProFTP 1.2.0 on an i386 running SuSE 7.0 or whatever. Legitimate users
don't need this info, and I don't want hackers to be able to get it
by just establishing a regular connection.

Of course this is easy to do for most service, but I haven't managed this
with Apache. Just surfing to a non-existing page, for example, gives out
an error message like this:

> Apache/1.3.12 Server at rulbii.leidenuniv.nl Port 80

How do I stop Apache from telling that it is Apache 1.3.12? I have worked
my way through httpd.conf, I've read the manual, but still I have no
clue... Can anyone help me?

Thanks!
Yuri.
--------------------------------------------------------------------------
drs. Yuri Robbers phone : +31-71-527-4966
Leiden University fax : +31-71-527-4900
Institute for Theoretical Biology email : robbersrulsfb.leidenuniv.nl
Kaiserstraat 63
2311 GP Leiden PGP 5.0 public key available:
the Netherlands Check your favourite hkp server.
--------------------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com