I just like to reduce as much as possible the amount of information that a server gives out. Letting opportunist crackers, who run a 1 minute Nessus scan, know the version and type of the webserver, should IMO be avoided if possible. Sure, it won't put off the determined cracker, but it might force some to move on to easier prey.
Anyway, back to the matter in hand - do you know how one might go about this?

Thanks,
James

> On 03/08/2004 02:57 PM James Agnew wrote:
> > I've been looking for a way to prevent security scanners such as Nessus from
> > being able to easily read Tomcat's standalone webserver details. I'm
> > running Tomcat 5.0.18 standalone and Nessus identifies it as follows:
> >
> > Server Version: Apache-Coyote/1.1
> > Server Banner: Apache-Coyote/1.1
> >
> > I can't see anything similar to Apache's 'ServerTokens' directive to
> > disable/suppress the info given out.
>
> Pardon my ignorance, but what is the problem with that?
>
> Adam
> --
> struts 1.1 + tomcat 5.0.16 + java 1.4.2
> Linux 2.4.20 Debian