logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> News & Hangout View previous topic :: View next topic
Reply to topic   Topic: Anonymity
Author
holziusa



Joined: 02 Jan 2008
Posts: 48
PostPosted: Fri 17 Jun '11 0:32    Post subject: Anonymity Reply with quote
this driving me nuts testing server here
"http://www.gregthatcher.com/InformationTechnology/FingerprintWebServer.aspx"

when i test apachelounge.com it reveals nothing but when i test mine
it gives Apache/2.2.19 etc

have ServerSignature Off server wide
should this be in every virtual host


thanks inadvance
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
PostPosted: Fri 17 Jun '11 2:01    Post subject: Reply with quote
No, it's a server wide setting. Turn "ServerTokens" to off and the server software will not be sent along in the headers.

http://httpd.apache.org/docs/2.2/mod/core.html#servertokens

In reality, there is no security through obscurity, only a incorrect sense of security. I do not hide mine, there's no need to since I keep Apache up to date.
Back to top
Kanashii



Joined: 17 Jul 2006
Posts: 155
Location: Porando
PostPosted: Fri 17 Jun '11 19:52    Post subject: Reply with quote
Compile own Apache witch fix.

Change in source code Server: Apache to
Server: apache



eq headers order:

[Apache]
[1]Date:
[2]Server:
...

[IIS]
Cache-Control:
Content-Type:
Content-Encoding:
....

[Ngixn]
[1]Server:nginx/0.8.53
[2]Date Fri, 17 Jun 2011 17:46:27 GMT
[3]Content-Type text/html; charset=iso-8859-2
...

___________
For nmap only need change server name to something else Smile
Chnage MTU to 1433, disable for TCP timestamps and ping

How to know is apache.
Error message eq.
http://apache.org/asdsa

In windows if you type /index.php show page and if you type IndeX.php the same in Linux will be 404.

http://apache.org/server-status

On windows try page.windows.com/COM1 will be 403 forbiden

And more more this is basics about fingerprint
Back to top


Reply to topic   Topic: Anonymity View previous topic :: View next topic
Post new topic   Forum Index -> News & Hangout