You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Takacs Istvan <is...@hungax.com> on 2002/07/16 10:41:32 UTC
How can I hide web server from netcraft?
Hi,
Can I hide somehow the type of the web server from
scanner and telnet programs?
When I use netcraft to scan our servers than it can detect
the correct type of the server.
I use ServerTokens and ServerSignature options,
but they're not enough to hide the Apache server
from the response:
Date: Tue, 16 Jul 2002 08:40:33 GMT
Server: Apache
Thanks in advance!
Regards;
Istvan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: How can I hide web server from netcraft?
Posted by Mark Mentovai <ma...@mentovai.com>.
Werner Schalk wrote:
> is there a way to stop netcraft
> from detecting the os? which firewall
> rules on linux could apply?
(This isn't strictly an Apache question, but)
Fat chance. Subtle behaviors that distinguish one operating system (or even OS
release) from another are controlled by the kernel, you would need to make many
changes, probably at the expense of performance or correctness, just to mask a
bit of information. And, as Owen mentioned, don't convince yourself that doing
so would make you any less vulnerable to whatever security issues potentially
await.
If you're embarassed about running Linux, run something else.
You should be able to find a few papers and some other information by searching
for "OS detection".
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: How can I hide web server from netcraft?
Posted by Werner Schalk <we...@gmx.de>.
hi,
is there a way to stop netcraft
from detecting the os? which firewall
rules on linux could apply?
bye,
werner.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: How can I hide web server from netcraft?
Posted by Flash Wilson <fl...@gorge.org>.
On Tue, Jul 16, 2002 at 10:41:32AM +0200, Takacs Istvan wrote:
> Can I hide somehow the type of the web server from
> scanner and telnet programs?
> When I use netcraft to scan our servers than it can detect
> the correct type of the server.
Change /usr/local/apache/include/httpd.h so that:
#define SERVER_BASEVENDOR "Wibble"
#define SERVER_BASEPRODUCT "Wibble"
#define SERVER_BASEREVISION "Wibble"
where wibble is something other than Apache 1.3.x or whatever.
It will then return this as the name of the server.
--
Flash Wilson Webmaster & UNIX SysAdmin
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Solaris / FreeBSD / Linux
flash@gorge.org Apache/Bind/Exim/Sendmail
http://www.gorge.org/~flash Perl / Shell / SQL / HTML
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org