You need to set the ServerTokens directive in httpd.conf to reveal only those things that you feel appropriate about the server. Options are: min - will return the product and version (i.e. Apache/1.3.0) os - will return product version and operating system. full - will return everything, including the installed modules (as you noted, and probably a bad thing). product_only - will return just the product (i.e. Apache) default seems to be full. Examples: ServerTokens Prod[uctOnly] Server sends (e.g.): Server: Apache ServerTokens Min[imal] Server sends (e.g.): Server: Apache/1.3.0 ServerTokens OS Server sends (e.g.): Server: Apache/1.3.0 (Unix) ServerTokens Full (or not specified) Server sends (e.g.): Server: Apache/1.3.0 (Unix) PHP/3.0 MyMod/1.2 Note that this works on the server config level and therefore cannot be set for individual virtualhosts. Cheers .... J
This archive was generated by hypermail 2b30 : Thu Aug 30 2001 - 16:49:39 PDT