This is the technique I have used with Apache binaries (you can recompile it). I *should* be possible to filter IIS with ISAPI filters. I tested it a while back for other reasons. I *believe* apache 2.0.X allows you to even change the "Apache" keyword. Personally I chnaged the Binary to another 6 letter word. The problem with the string, is that it usually is parsed. And the standard error page still posted the Apache version. BTW the Server Token posting by Alan removes most of the extraneous info like OS, PHP, Mysql, etc. On Sun, 2002-06-23 at 22:42, brvarin@private wrote: > From what I've been told, some Microsoft developers attempted to make it > much easier to modify this but the marketing geniuses said no because if > more clients did this, Microsofts market share would appear to be less. > I'm not sure what Apache's excuse is. > > With IIS I believe all you have to change the file > Winnt\System32\Inetsrv\W3SVC.DLL file. The caveat there is that it > normally will say: Microsoft-IIS/5.0 but if you replace it, you have to > have the same number of characters.... It'd be kind of cool to put in > something like: Palm OS Webserver. Sure if you are really determined you > can figure it out but it would throw scripts and scanners off. > > > > -- Zot O'Connor http://www.ZotConsulting.com http://www.WhiteKnightHackers.com
This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 23:28:00 PDT