Eric, Can you let me know the best possible way to hide this banner.
Sukhjeet -----Original Message----- From: Dan Poirier [mailto:poir...@pobox.com] Sent: Wednesday, June 10, 2009 6:05 PM To: users@httpd.apache.org Subject: [us...@httpd] Re: Fixing HTTP Service / Server Version Detected Eric Covener <cove...@gmail.com> writes: > On Wed, Jun 10, 2009 at 7:53 AM, Singh, Sukhjeet > <sukhjeet.si...@fiserv.com> wrote: >> The server allows capture of the HTTP service banner. Service banners can >> contain sensitive information, such as application and Operating System (OS) >> version numbers. An attacker can use the version information from your Web >> server to determine if there are any known vulnerabilities present, or can >> use such information to create attacks towards the specific application or >> OS. > > http://httpd.apache.org/docs/2.2/mod/core.html#servertokens Sukhjeet, you can hide this information, but I wouldn't think it would make your server any more secure. Most attackers will probably just try a bunch of known vulnerabilities without even looking at the OS and version. -- Dan Poirier <poir...@pobox.com> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org