[us...@httpd] Fixing HTTP Service / Server Version Detected

2009-06-10 Thread Singh, Sukhjeet
I need to fix this Vulnerability, So can someone please check the vulnerability and let me know the best way to fix the HTTP Service / Server Version. The server allows capture of the HTTP service banner. Service banners can contain sensitive information, such as application and Operating

RE: [us...@httpd] Rewrite Rule for hiding Destination URL ??

2009-06-10 Thread Singh, Sukhjeet
Eric, I think you are right cuz the rewrite rule which I'm using and also the ErrorDocument which I'm using are using the path of the files and not the exact URL. But while I'm able to fix the custom 403 and 404 pages, I'm not too sure why the scanner is still detecting this vulnerability.

RE: [us...@httpd] default site

2009-06-10 Thread Singh, Sukhjeet
Eric, Basically the thing is my security guy is saying that If I can any how able to fix the 404 error in lieu of the 403 Forbidden error then it'll fix the vulnerability. I mean instead of HTTP/1.1 403 I should get HTTP/1.1 404 while anyone try even from telnet or with any scanner. Sukhjeet

RE: [us...@httpd] 503 status seems to get cached - how do I disable caching?

2009-06-10 Thread Singh, Sukhjeet
Eric, I agree with you but as we can fix the custom 404 or 403 errors via ErrorDocument. Isn't there any way to fix this banner as whenever the 403 Forbidden message is generated it should be replaced with 404 message. I tried even blocking the mod_ProxyVia but it also didn't helped. Sukhjeet

RE: [us...@httpd] Re: Fixing HTTP Service / Server Version Detected

2009-06-10 Thread Singh, Sukhjeet
Covener cove...@gmail.com writes: On Wed, Jun 10, 2009 at 7:53 AM, Singh, Sukhjeet sukhjeet.si...@fiserv.com wrote: The server allows capture of the HTTP service banner. Service banners can contain sensitive information, such as application and Operating System (OS) version numbers

RE: [us...@httpd] Fixing HTTP Service / Server Version Detected

2009-06-10 Thread Singh, Sukhjeet
-sa.com] Sent: Wednesday, June 10, 2009 6:25 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Fixing HTTP Service / Server Version Detected RE: [us...@httpd] default site RE: [us...@httpd] 503 status seems to get cached - how do I disable caching? Singh, Sukhjeet wrote: (lots of stuff

RE: [us...@httpd] Fixing HTTP Service / Server Version Detected

2009-06-10 Thread Singh, Sukhjeet
, is an Apache httpd server - if I am wrong, and it /is/ an Apache httpd server, then you have already been given the response, a couple of times Singh, Sukhjeet wrote: Andre, I appreciate your concern but I'll like to let you know that enabling or disabling the HTTP banner should logically

RE: [us...@httpd] Fixing HTTP Service / Server Version Detected

2009-06-10 Thread Singh, Sukhjeet
Thanks for your help Dave...!! Sukhjeet -Original Message- From: Dave Floyd [mailto:dave.fl...@pa.press.net] Sent: Wednesday, June 10, 2009 6:58 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Fixing HTTP Service / Server Version Detected I need to fix this Vulnerability, So