You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Al Caponi <do...@yahoo.com.sg> on 2003/07/03 11:13:17 UTC

[users@httpd] Hiding webserver name/version from clients

Hi,
If I configure Apache not to give any hint on its web pages (e.g. error
pages) that the web server is Apache, is it possible for an advanced user to
find out the origin of the webserver through other means?
Is it possible, for security reasons, in Apache 1.x or 2.x to totally hide
the webserver name/version from the clients? I.e. If I don't want my clients
to know that the server they are connecting to is an Apache etc.

Many thanks,
Al.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Hiding webserver name/version from clients

Posted by Miguel González Castaños <mg...@tid.es>.

AFAIK you can use tools as idserve and retrieve some information of the
webserver. What you
say It would be nice to hide some information to the the average user...

HTH

Miguel

Al Caponi ha escrito:

> Hi,
> If I configure Apache not to give any hint on its web pages (e.g. error
> pages) that the web server is Apache, is it possible for an advanced user to
> find out the origin of the webserver through other means?
> Is it possible, for security reasons, in Apache 1.x or 2.x to totally hide
> the webserver name/version from the clients? I.e. If I don't want my clients
> to know that the server they are connecting to is an Apache etc.
>
> Many thanks,
> Al.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Hiding webserver name/version from clients

Posted by Jeff Cohen <su...@gej-it.com>.

Check ServerTokens and ServerSignature:
http://httpd.apache.org/docs-2.0/mod/core.html#servertokens

http://httpd.apache.org/docs-2.0/mod/core.html#serversignature

All the best,
Jeff Cohen
Support@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!



> -----Original Message-----
> From: Al Caponi [mailto:don_alcaponi@yahoo.com.sg]
> Sent: Thursday, July 03, 2003 5:13 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] Hiding webserver name/version from clients
> 
> Hi,
> If I configure Apache not to give any hint on its web pages (e.g. error
> pages) that the web server is Apache, is it possible for an advanced user
to
> find out the origin of the webserver through other means?
> Is it possible, for security reasons, in Apache 1.x or 2.x to totally hide
> the webserver name/version from the clients? I.e. If I don't want my
clients
> to know that the server they are connecting to is an Apache etc.
> 
> Many thanks,
> Al.
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org