Solved

Header Rewriting

Posted on 2004-09-26
3
238 Views
Last Modified: 2010-03-04
I run a test server on windows, basically just to test and build my site before I upload it to a real host.

I am using the apache2triad package (http://apache2triad.sourceforge.net/) It comes with Apache v.2.0

My question is, I have my site setup, ect.. using php-nuke as well as using googletap. I have an .htaccess file bout 30kb in size with various googletap info for modrewrite.

Everything works, but Isnt there a way to rewrite what the Apache reports is the service running
on port 80? I looked up online and found RequestHeader ect.. Not sure if that is what I am looking for, but if it is I have not gotten it to work.

I have ServerSignature set to Off

and I have expose_php set to off.

But If someone scanned me to find out my server type (possibly to use for narrowing down possible exploitation) I want to server to return maybe a null value? Instead of saying hi im Apache..

Anyone can help it would be apriciated.

And yes I have mod rewrite mod loaded and working.
0
Comment
Question by:dllfile
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Expert Comment

by:samri
ID: 12159668
hi dllfile,

Take a look at your ServerSignature directive in your httpd.conf (http://httpd.apache.org/docs-2.0/mod/core.html#serversignature)
---
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature On

---
And ServerTokens would be another interesteing feature that you may want to take a look at : http://httpd.apache.org/docs-2.0/mod/core.html#servertokens

0
 
LVL 15

Accepted Solution

by:
samri earned 70 total points
ID: 12159751
sorry.  after rereading the question -- just found out that you need to totally make you apache to be "invisible".

IMHO, this would require the source code to be modified, and the server to be rebuilt (recompiled).

I would personally would be interested to learn the "eay-way" to achieve this.

cheers.
0
 

Author Comment

by:dllfile
ID: 12168803
ya, after requesting some info on it from other sites including apache2triad forums, it looks as tho the only option is to actually modify the source code and recompile my own version :(

Looks like I am out of that loop, dont have the knowledge or the tools even to do this myself. Thanks for the help
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
file path 14 75
Apache timeout remote connection if not port 80 10 103
PHP Apache application gives "Forbidden" message 5 80
Rewrite Rule head scratcher 18 47
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question