bankadmin
asked on
Apache Server Etag header had an information discloser
We recently had a scan done on our system and one of the findings was the title of this question. We are running windows 2008 r2 w/Apache. The suggestion to fix the issue is "Modify the http Etag header of the web server to not include file inodes in the Etag header calculation".
I found some articles suggesting how to do this however Im not seeing what they do in there httpd.conf file. Any suggestions would be appreciated.
Thanks
I found some articles suggesting how to do this however Im not seeing what they do in there httpd.conf file. Any suggestions would be appreciated.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There will not be a .htaccess file unless you have installed one. In that case, install the commands in the httpd.conf file.
ASKER
The httpd.conf file is 16 pages long 95%+ of it is commented out. Im not really sure where to enter the commands in the file. Are these the commands you are referring to? I
Header unset ETag
FileETag None
Header unset ETag
FileETag None
Those are the ones.
imo: If the httpd.conf is that large, and you don't know where to install the lines, then you should call in someone who knows Apache site configuration who can do this for you. It will not do to just drop them in anywhere.
imo: If the httpd.conf is that large, and you don't know where to install the lines, then you should call in someone who knows Apache site configuration who can do this for you. It will not do to just drop them in anywhere.
EE email requested stale question closure.
ASKER
This server is running my admin console for AV and that is what installed the apache on the server as part of the console. Im certainly not a web admin so Im a little confused on what to look for next.