- Original Message -
From: "Graham Leggett"
> Martin Kutschker wrote:
>
> > Removing the server header won't hurt.
>
> Removing the server header is a protocol viloation, and serves no purpose.
How is it a protocol violation? I can't find anywhere in the HTTP 1.1
protocol where it says t
On Thursday, March 27, 2003, at 01:36 AM, Sander Striker wrote:
People, why, oh why, do we need to muck with the Server header? Who
cares? Attacks will
be run regardless of Server headers (and if not, they will as soon as
we start removing them).
So, in the end, what good does it do?
I totally
Martin Kutschker wrote:
Removing the server header won't hurt.
Removing the server header is a protocol viloation, and serves no purpose.
Regards,
Graham
--
-
[EMAIL PROTECTED] "There's a moon
over Bourb
> From: Martin Kutschker [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 27, 2003 10:13 AM
> Date: Wed, 26 Mar 2003 15:30:53 -0500
> From: "Brass, Phil (ISS Atlanta)" <[EMAIL PROTECTED]>
> Removing the server header won't hurt.
>
> Perhaps you could try to make the ordering od the added header
Date: Wed, 26 Mar 2003 15:30:53 -0500
From: "Brass, Phil (ISS Atlanta)" <[EMAIL PROTECTED]>
> OK, so given that Date and Last-Modified are required response headers
> and everybody pretty much hates the idea of removing them, and that
> removing the Server header amounts to nothing more than secur
ar options.
Dave
-Original Message-
From: Brass, Phil (ISS Atlanta) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 12:31 PM
To: [EMAIL PROTECTED]
Subject: RE: Removing Server: header
OK, so given that Date and Last-Modified are required response headers
and everybody pretty much
ED]
> Subject: Re: Removing Server: header
>
>
> On Saturday, March 22, 2003, at 07:15 AM, Brass, Phil (ISS Atlanta)
> wrote:
> > The point of stripping Date and Last-modified headers is that HTTP
> > fingerprinting tools look at things like header order, the
> f
On Saturday, March 22, 2003, at 07:15 AM, Brass, Phil (ISS Atlanta)
wrote:
The point of stripping Date and Last-modified headers is that HTTP
fingerprinting tools look at things like header order, the formatting
of
dates and times, etc.
So change the format and order. Stripping them is a protoc
Brass, Phil (ISS Atlanta) wrote:
The point of stripping Date and Last-modified headers is that HTTP
fingerprinting tools look at things like header order, the formatting of
dates and times, etc.
The Date and Last-Modified headers exist as an integral part of
HTTP/1.1, and removing and/or fiddling
]
> Sent: Saturday, March 22, 2003 9:55 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Removing Server: header
>
>
> Brass, Phil (ISS Atlanta) wrote:
>
> > Hi, I recently patched my debian apache server source to add a new
> > ServerToken value, ServerToken=Hide,
Brass, Phil (ISS Atlanta) wrote:
Hi, I recently patched my debian apache server source to add a new
ServerToken value, ServerToken=Hide, which will remove the Server, Date,
and Last-Modified headers (to make server identification a little more
difficult (yes I know this is bad for proxies, if that
11 matches
Mail list logo