Solved

Header Rewriting

Posted on 2004-09-26
3
237 Views
Last Modified: 2010-03-04
I run a test server on windows, basically just to test and build my site before I upload it to a real host.

I am using the apache2triad package (http://apache2triad.sourceforge.net/) It comes with Apache v.2.0

My question is, I have my site setup, ect.. using php-nuke as well as using googletap. I have an .htaccess file bout 30kb in size with various googletap info for modrewrite.

Everything works, but Isnt there a way to rewrite what the Apache reports is the service running
on port 80? I looked up online and found RequestHeader ect.. Not sure if that is what I am looking for, but if it is I have not gotten it to work.

I have ServerSignature set to Off

and I have expose_php set to off.

But If someone scanned me to find out my server type (possibly to use for narrowing down possible exploitation) I want to server to return maybe a null value? Instead of saying hi im Apache..

Anyone can help it would be apriciated.

And yes I have mod rewrite mod loaded and working.
0
Comment
Question by:dllfile
  • 2
3 Comments
 
LVL 15

Expert Comment

by:samri
ID: 12159668
hi dllfile,

Take a look at your ServerSignature directive in your httpd.conf (http://httpd.apache.org/docs-2.0/mod/core.html#serversignature)
---
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature On

---
And ServerTokens would be another interesteing feature that you may want to take a look at : http://httpd.apache.org/docs-2.0/mod/core.html#servertokens

0
 
LVL 15

Accepted Solution

by:
samri earned 70 total points
ID: 12159751
sorry.  after rereading the question -- just found out that you need to totally make you apache to be "invisible".

IMHO, this would require the source code to be modified, and the server to be rebuilt (recompiled).

I would personally would be interested to learn the "eay-way" to achieve this.

cheers.
0
 

Author Comment

by:dllfile
ID: 12168803
ya, after requesting some info on it from other sites including apache2triad forums, it looks as tho the only option is to actually modify the source code and recompile my own version :(

Looks like I am out of that loop, dont have the knowledge or the tools even to do this myself. Thanks for the help
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Redirect from old domain to new domain 19 76
XAMPP 3 74
ports for sccm 2012 1 99
New OSQA server has a ton of fake users 4 78
Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question