Our forums are currently in maintenance mode and the ability to post is disabled. We will be back up and running as soon as possible. Thanks for your patience!

General discussion


Response from Apache and FC3

By ngc4013 ·
When a computer is scanned for vulnerabilities is there a way to alter the servers response so that both Apache and it's version, and FC3 are not provided in the response?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by Jaqui In reply to Response from Apache and ...

in apache's configuration
you have full none all settings on server response messages.
read both http.conf and httpcommon.conf

as it's in one of those files.

Collapse -

by Jaqui In reply to

the sections are here, in default:
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
ServerTokens Full

# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
ServerSignature On

Collapse -

by ngc4013 In reply to

Poster rated this answer.

Collapse -

by ngc4013 In reply to Response from Apache and ...

This question was closed by the author

Related Discussions

Related Forums