Apache隐藏版本号及其它敏感信息
默认显示
修改后显示
1. 隐藏Apache信息
1.1 主配置中启用httpd-default.conf
文件: conf/httpd.Conf
找到httpd-default.conf,删除前面的注释“#”,改成如下
Include conf/extra/httpd-default.conf
1.2 修改httpd-default.conf
文件:conf/extra/httpd-default.conf
找到
ServerTokens Full
改成
ServerTokens Prod
找到
ServerSignature On
改成
ServerSignature off
完成
最终如下(文件:conf/extra/httpd-default.conf)
# # ServerTokens # This directive configures what you return as the Server HTTP response # Header. The default is ‘Full‘ which sends information about the OS-Type # and compiled in modules. # Set to one of: Full | OS | Minor | Minimal | Major | Prod # where Full conveys the most information, and Prod the least. # ServerTokens Prod # # Optionally add a line containing the server version and virtual host # name to server-generated pages (internal error documents, FTP directory # listings, mod_status and mod_info output etc., but not CGI generated # documents or custom error documents). # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # ServerSignature Off
说明:
1、ServerSignature出现在Apache所产生的像404页面、目录列表等页面的底部。
2、ServerTokens目录被用来判断Apache会在Server HTTP响应包的头部填充什么信息。
如果把ServerTokens设为Prod,那么HTTP响应包头就会被设置成:Server:Apache
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。