?
Solved

Header Rewriting

Posted on 2004-09-26
3
Medium Priority
?
244 Views
Last Modified: 2010-03-04
I run a test server on windows, basically just to test and build my site before I upload it to a real host.

I am using the apache2triad package (http://apache2triad.sourceforge.net/) It comes with Apache v.2.0

My question is, I have my site setup, ect.. using php-nuke as well as using googletap. I have an .htaccess file bout 30kb in size with various googletap info for modrewrite.

Everything works, but Isnt there a way to rewrite what the Apache reports is the service running
on port 80? I looked up online and found RequestHeader ect.. Not sure if that is what I am looking for, but if it is I have not gotten it to work.

I have ServerSignature set to Off

and I have expose_php set to off.

But If someone scanned me to find out my server type (possibly to use for narrowing down possible exploitation) I want to server to return maybe a null value? Instead of saying hi im Apache..

Anyone can help it would be apriciated.

And yes I have mod rewrite mod loaded and working.
0
Comment
Question by:dllfile
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Expert Comment

by:samri
ID: 12159668
hi dllfile,

Take a look at your ServerSignature directive in your httpd.conf (http://httpd.apache.org/docs-2.0/mod/core.html#serversignature)
---
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature On

---
And ServerTokens would be another interesteing feature that you may want to take a look at : http://httpd.apache.org/docs-2.0/mod/core.html#servertokens

0
 
LVL 15

Accepted Solution

by:
samri earned 280 total points
ID: 12159751
sorry.  after rereading the question -- just found out that you need to totally make you apache to be "invisible".

IMHO, this would require the source code to be modified, and the server to be rebuilt (recompiled).

I would personally would be interested to learn the "eay-way" to achieve this.

cheers.
0
 

Author Comment

by:dllfile
ID: 12168803
ya, after requesting some info on it from other sites including apache2triad forums, it looks as tho the only option is to actually modify the source code and recompile my own version :(

Looks like I am out of that loop, dont have the knowledge or the tools even to do this myself. Thanks for the help
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month8 days, 16 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question