Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[CLOSED] Apache 'not found display' (looking to be hidden)
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
trossachs
Veteran
Veteran


Joined: 22 Jan 2004
Posts: 1204
Location: London
PostPosted: Sat Sep 11, 2004 9:50 am    Post subject: [CLOSED] Apache 'not found display' (looking to be hidden) Reply with quote
If someone mistypes a URL onto my box, Apache will display the 'Not Found' sign and also print out the Apache, PHP and FrontPage version details. How can this be omitted on security grounds? thx.

Last edited by trossachs on Wed Oct 06, 2004 6:26 am; edited 1 time in total
Back to top
View user's profile Send private message
nobspangle
Veteran
Veteran


Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
PostPosted: Sat Sep 11, 2004 10:45 am    Post subject: Reply with quote
I think this info is in the http headers anyway but, two ways,

Supply custom error pages
in commonapache2.conf turn off ServerSignature
Back to top
View user's profile Send private message
trossachs
Veteran
Veteran


Joined: 22 Jan 2004
Posts: 1204
Location: London
PostPosted: Sat Sep 11, 2004 1:17 pm    Post subject: Reply with quote
I do not have a commonapache2.conf file. Can I add your directive to the apache2/httpd.conf file instead?
Back to top
View user's profile Send private message
nobspangle
Veteran
Veteran


Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
PostPosted: Sat Sep 11, 2004 1:43 pm    Post subject: Reply with quote
yes that's fine,
Code:
ServerSignature off


I have the new style split config files. You might want to grep the file to check it's not already set to on.
Back to top
View user's profile Send private message
hanj
Veteran
Veteran


Joined: 19 Aug 2003
Posts: 1500
PostPosted: Sat Sep 11, 2004 1:48 pm    Post subject: Reply with quote
I would also edit the conf.. and add/edit this:

Code:
ServerTokens Prod


hanji
Back to top
View user's profile Send private message
trossachs
Veteran
Veteran


Joined: 22 Jan 2004
Posts: 1204
Location: London
PostPosted: Sat Sep 11, 2004 2:51 pm    Post subject: Reply with quote
Why would I do this hanj?
Back to top
View user's profile Send private message
hanj
Veteran
Veteran


Joined: 19 Aug 2003
Posts: 1500
PostPosted: Sat Sep 11, 2004 3:05 pm    Post subject: Reply with quote
Quote:
Making Apache Offer Less Config Information Hide the version number from attackers to make version scanners and potentially worms fail.

ServerSignature Off

Hide the list of modules and other status information from an attacker:

ServerTokens Prod


I would recommend reading this:
http://www.bastille-linux.org/jay/Talks/slides-defcon-securing-apache.pdf


hanji
Back to top
View user's profile Send private message
trossachs
Veteran
Veteran


Joined: 22 Jan 2004
Posts: 1204
Location: London
PostPosted: Wed Oct 06, 2004 6:26 am    Post subject: Reply with quote
Will read up, thanks.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy