APACHE  “SERVER SIGNATURE”

 

 

To attack a system, one needs to know the type of OS, the services it runs, and so on. To avoid making the attackers' work easier, we turn off the "server signature" and thereby hide information that would help them.

 

1. By default, Apache shows the operating system, the Apache modules, and so on. Example on the Debian operating system:

To disable the display of key information about the system, open the apache2 configuration file "security", located at "/etc/apache2/conf.d/security", and change the following parameters:

 

root@streznik: vi /etc/apache2/conf.d/security

 

Edit the following parameters:

# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages.
#
#<Directory />
#       AllowOverride None
#       Order Deny,Allow
#       Deny from all
#</Directory>

# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Minimal
ServerTokens Prod
#ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off
#ServerSignature On

#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of:  On | Off | extended
#
TraceEnable Off
#TraceEnable On
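
To check that the edited file really carries the three hardened settings, here is an added example (not part of the original post) that audits a config file for the directives changed above. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Apache config file for the three directives the
# article changes. Function names are hypothetical, not Apache tooling.

# Print the effective (last uncommented) value of directive $1 in file $2.
# Apache directive names are case-insensitive; empty output means unset.
effective_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$2"
}

lower() { printf %s "$1" | tr '[:upper:]' '[:lower:]'; }

# Compare directive $1 in file $3 with the hardened value $2.
# Prints OK/WEAK and returns 1 when the value differs or is not set at all,
# so the setting is explicit in this file rather than left to defaults.
check_directive() {
    val=$(effective_value "$1" "$3")
    if [ "$(lower "$val")" = "$(lower "$2")" ]; then
        echo "OK    $1 $val"
    else
        echo "WEAK  $1 ${val:-<unset>} (expected $2)"
        return 1
    fi
}

# Audit a whole file; the return status is the number of weak directives.
audit_apache_conf() {
    weak=0
    check_directive ServerTokens    Prod "$1" || weak=$((weak + 1))
    check_directive ServerSignature Off  "$1" || weak=$((weak + 1))
    check_directive TraceEnable     Off  "$1" || weak=$((weak + 1))
    return "$weak"
}

# Constructed sample input: a file as it might look before the edit.
write_sample_conf() {
    cat > "$1" <<'EOF'
#ServerTokens Minimal
ServerTokens OS
ServerSignature On
#TraceEnable On
EOF
}

# Usage: sh audit.sh /etc/apache2/conf.d/security
if [ -n "${1:-}" ]; then audit_apache_conf "$1"; fi
```

The script inspects only the file it is given; the same directives set elsewhere in the Apache configuration are not seen by it.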

 

Now, when an error occurs, the server reports only the following information:


Internetna zaščita

Copyright © 2013. All Rights Reserved.