Security Forums
Log in
FAQ
| Search
| Usergroups
| Profile
| Register
| RSS
| Posting Guidelines
| Recent Posts
View previous topic :: View next topic
Author
Message
Jason Forum Fanatic Joined: 19 Sep 2002 Posts: 16777215
Posted: Tue Dec 17, 2002 10:17 am Post subject: HTTP server headers in Apache(Linux)
Hi,
I have a RH 8.0 system running apache 2.0, Both are fully pactched.
What i would like to do is modify the server header in port 80 GET requests. ie, a socket is opened to 80, and request is made:
Response that I would like to change is similar to:
Quote:
Server: Apache 2.0(Linux)??? (or what ever, cant remember at the mo.)
I have found this on the apache site:
http://httpd.apache.org/docs-2.0/mod/mod_headers.html but as i am not very familar with it, i find it hard to understand.
I have tried putting this command in httpd.conf, and restarting the service, but the original header remains:
Quote:
Header add Server "IIS 5.0"
Where am i going wrong?
Any help much appriciated.
J
Last edited by Jason on Tue Dec 17, 2002 8:06 pm; edited 1 time in total
Back to top
Crash01X Just Arrived Joined: 15 Dec 2002 Posts: 0 Location: Jedi Palace
Posted: Tue Dec 17, 2002 1:05 pm Post subject:
kill apache and then start it again by specifing the .conf u want to load with the -f flag
if it doesnt work u are probably doing something else wrong
Back to top
ShaolinTiger Forum Fanatic Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Posted: Tue Dec 17, 2002 1:23 pm Post subject:
Why not use 1.3.x it's so much easier LOL
Anyway what does apachectl configtest give?
I think you can put ServerTokens ProductOnly and it will show Apache only not Apache 2.0
See more here:
http://httpd.apache.org/docs-2.0/mod/core.html#servertokens
Back to top
Jason Forum Fanatic Joined: 19 Sep 2002 Posts: 16777215
Posted: Tue Dec 17, 2002 2:04 pm Post subject:
ShaolinTiger wrote:
Anyway what does apachectl configtest give?
Will try + post when i get home.
Cool. 1/2 way towards the objective. What i am aming for is to "disguise" my linux box with fake headers on the services, to confuse the script kiddies. , so the only way you will know its a linux box is if you take a TCP/IP fingerprint.
J
Back to top
Jason Forum Fanatic Joined: 19 Sep 2002 Posts: 16777215
Posted: Tue Dec 17, 2002 8:17 pm Post subject:
jasonlambert wrote:
ShaolinTiger wrote:
Anyway what does apachectl configtest give?
Will try + post when i get home.
I dont seem to have the relevant files / packages installed. If you can tell me what you are looking for i can let you know.
jasonlambert wrote:
ShaolinTiger wrote:
I think you can put ServerTokens ProductOnly and it will show Apache only not Apache 2.0
Cheers mate, that works as you said.
Still not Removing / allowing me to specify Server manually...
Crash01X wrote:
kill apache and then start it again by specifing the .conf u want to load with the -f flag
if it doesnt work u are probably doing something else wrong
Definalty starting with the correct conf file. Other Ideas?
Cheers,
J
Back to top
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum