Re: HTTP attack looking for /sumthin ?

From: Hugo van der Kooij (hvdkooijat_private)
Date: Fri Oct 18 2002 - 16:06:56 PDT


    On Fri, 18 Oct 2002, Patrick Oonk wrote:
    
    > Add the lines
    > 
    > 	ServerTokens prod
    > 	ServerSignature no
    > 
    > to your Apache config (httpd.conf) to prevent the server from disclosing 
    > this information.
    
    ServerTokens ProductOnly
    # Optionally add a line containing the server version and virtual host
    # name to server-generated pages (error documents, FTP directory listings,
    # mod_status and mod_info output etc., but not CGI generated documents).
    # Set to "EMail" to also include a mailto: link to the ServerAdmin.
    # Set to one of:  On | Off | EMail
    ServerSignature Off
    
    According to the built-in instructions, online manual and FAQ.
    http://httpd.apache.org/docs/misc/FAQ-E.html#serverheader
    http://httpd.apache.org/docs/mod/core.html
    
    But do not expect to gain much security.
    
    Hugo.
    
    -- 
     All email sent to me is bound to the rules described on my homepage.
        hvdkooijat_private		http://hvdkooij.xs4all.nl/
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
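
An added example, not part of the original message: a small Python check that reads the text of an httpd.conf and reports whether the server-wide ServerTokens and ServerSignature settings match what the reply recommends. The function names and sample strings are constructed for illustration; the accepted ServerTokens spellings and the defaults (Full and Off) are taken from the Apache core documentation, and directives inside `<...>` sections are skipped as a simplification.

```python
import re

# Lower-cased accepted values. ServerSignature: the On | Off | EMail list in the
# config comment above. ServerTokens: spellings from the Apache core docs.
TOKENS_MINIMAL = {"prod", "productonly"}
TOKENS_KNOWN = TOKENS_MINIMAL | {"major", "minor", "min", "minimal", "os", "full"}
SIGNATURE_KNOWN = {"on", "off", "email"}
DIRECTIVE = re.compile(r"^\s*(ServerTokens|ServerSignature)\s+(\S+)", re.I)

def verdict(name, value):
    """Classify one setting as 'ok', 'discloses' or 'invalid'."""
    if name == "servertokens":
        if value is None:
            return "discloses"          # unset means the default, Full
        if value.lower() not in TOKENS_KNOWN:
            return "invalid"
        return "ok" if value.lower() in TOKENS_MINIMAL else "discloses"
    if value is None:
        return "ok"                     # unset means the default, Off
    if value.lower() not in SIGNATURE_KNOWN:
        return "invalid"
    return "ok" if value.lower() == "off" else "discloses"

def audit(conf_text):
    """Return {directive: (value, verdict)} for the server-wide settings."""
    seen = {"servertokens": None, "serversignature": None}
    depth = 0                           # nesting level of <Section> blocks
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("</"):
            depth = max(depth - 1, 0)
        elif stripped.startswith("<"):
            depth += 1
        elif depth == 0 and not stripped.startswith("#"):
            m = DIRECTIVE.match(line)
            if m:                       # a later line overrides an earlier one
                seen[m.group(1).lower()] = m.group(2).strip('"')
    return {name: (value, verdict(name, value)) for name, value in seen.items()}

# Constructed inputs: the two configurations from the thread.
QUOTED = "ServerTokens prod\nServerSignature no\n"
REPLY = "ServerTokens ProductOnly\nServerSignature Off\n"

if __name__ == "__main__":
    for label, conf in (("quoted", QUOTED), ("reply", REPLY)):
        for name, (value, result) in audit(conf).items():
            print(f"{label}: {name} = {value!r} -> {result}")
```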
    



    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 18:41:09 PDT