dllfile
asked on
Header Rewriting
I run a test server on windows, basically just to test and build my site before I upload it to a real host.
I am using the apache2triad package (http://apache2triad.sourceforge.net/) It comes with Apache v.2.0
My question is, I have my site setup, ect.. using php-nuke as well as using googletap. I have an .htaccess file bout 30kb in size with various googletap info for modrewrite.
Everything works, but Isnt there a way to rewrite what the Apache reports is the service running
on port 80? I looked up online and found RequestHeader ect.. Not sure if that is what I am looking for, but if it is I have not gotten it to work.
I have ServerSignature set to Off
and I have expose_php set to off.
But If someone scanned me to find out my server type (possibly to use for narrowing down possible exploitation) I want to server to return maybe a null value? Instead of saying hi im Apache..
Anyone can help it would be apriciated.
And yes I have mod rewrite mod loaded and working.
I am using the apache2triad package (http://apache2triad.sourceforge.net/) It comes with Apache v.2.0
My question is, I have my site setup, ect.. using php-nuke as well as using googletap. I have an .htaccess file bout 30kb in size with various googletap info for modrewrite.
Everything works, but Isnt there a way to rewrite what the Apache reports is the service running
on port 80? I looked up online and found RequestHeader ect.. Not sure if that is what I am looking for, but if it is I have not gotten it to work.
I have ServerSignature set to Off
and I have expose_php set to off.
But If someone scanned me to find out my server type (possibly to use for narrowing down possible exploitation) I want to server to return maybe a null value? Instead of saying hi im Apache..
Anyone can help it would be apriciated.
And yes I have mod rewrite mod loaded and working.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ya, after requesting some info on it from other sites including apache2triad forums, it looks as tho the only option is to actually modify the source code and recompile my own version :(
Looks like I am out of that loop, dont have the knowledge or the tools even to do this myself. Thanks for the help
Looks like I am out of that loop, dont have the knowledge or the tools even to do this myself. Thanks for the help
Take a look at your ServerSignature directive in your httpd.conf (http://httpd.apache.org/docs-2.0/mod/core.html#serversignature)
---
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
---
And ServerTokens would be another interesteing feature that you may want to take a look at : http://httpd.apache.org/docs-2.0/mod/core.html#servertokens