Web Server version information

monash · 2011-11-13 02:00:25

I have a LAMP setup with the following configuration:

/etc/httpd/conf/extra/httpd-default.conf
ServerTokens Prod 
ServerSignature Off

The web server is currently completely empty (waiting for a drupal setup).

When a fake search is performed on the server (http://www.serverdomain.com/fake-search) the 404 error returns the lamp server details in full:

Apache, OpenSSL and php version details. Here is a screenshot.

http://bayimg.com/HakNgAAdO

How do I go about hiding these version details if ServerTokens and ServerSignature are both already set optimally?

Last edited by monash (2011-11-13 02:04:32)

zenlord · 2011-11-13 12:24:50

Here (http://www.ducea.com/2006/06/15/apache- … e-version/) I read that your value for ServerTokens is incorrect...

monash · 2011-11-13 23:39:34

Thanks but; Arch Linux Instructions:

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.

From the same post quoted above...

"I have tried this but its not working.when i get the error-404 page i get the apache version and os information.why is it so.plz help"

fukawi2 · 2011-11-14 03:04:36

Have you restarted the httpd daemon after making the change?

monash · 2011-11-18 05:52:53

Yes, restarted. But...

Had to jump back to oneiric server setup as drush-5.0 installation on arch seemed prone to errors.

Can't live without drush-5.0 (latest beta) to manage Drupal-7 :-)

Arch Linux

#1 2011-11-13 02:00:25

Web Server version information

#2 2011-11-13 12:24:50

Re: Web Server version information

#3 2011-11-13 23:39:34

Re: Web Server version information

#4 2011-11-14 03:04:36

Re: Web Server version information

#5 2011-11-18 05:52:53

Re: Web Server version information

Board footer