• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

HTTP server headers in Apache(Linux)

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux

View previous topic :: View next topic  
Author Message
Jason
Forum Fanatic
Forum Fanatic


Joined: 19 Sep 2002
Posts: 16777215


Offline

PostPosted: Tue Dec 17, 2002 10:17 am    Post subject: HTTP server headers in Apache(Linux) Reply with quote

Hi,

I have a RH 8.0 system running apache 2.0, Both are fully pactched.

What i would like to do is modify the server header in port 80 GET requests. ie, a socket is opened to 80, and request is made:

Quote:
GET / HTTP/1.0


Response that I would like to change is similar to:
Quote:
Server: Apache 2.0(Linux)??? (or what ever, cant remember at the mo.)


I have found this on the apache site:
http://httpd.apache.org/docs-2.0/mod/mod_headers.html but as i am not very familar with it, i find it hard to understand.

I have tried putting this command in httpd.conf, and restarting the service, but the original header remains:

Quote:
Header add Server "IIS 5.0"


Where am i going wrong?
Any help much appriciated.

J


Last edited by Jason on Tue Dec 17, 2002 8:06 pm; edited 1 time in total
Back to top
View user's profile Send private message Send e-mail
Crash01X
Just Arrived
Just Arrived


Joined: 15 Dec 2002
Posts: 0
Location: Jedi Palace

Offline

PostPosted: Tue Dec 17, 2002 1:05 pm    Post subject: Reply with quote

kill apache and then start it again by specifing the .conf u want to load with the -f flag

if it doesnt work u are probably doing something else wrong
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Tue Dec 17, 2002 1:23 pm    Post subject: Reply with quote

Why not use 1.3.x it's so much easier LOL

Anyway what does apachectl configtest give?

I think you can put ServerTokens ProductOnly and it will show Apache only not Apache 2.0

See more here:

http://httpd.apache.org/docs-2.0/mod/core.html#servertokens
Back to top
View user's profile Send private message Visit poster's website
Jason
Forum Fanatic
Forum Fanatic


Joined: 19 Sep 2002
Posts: 16777215


Offline

PostPosted: Tue Dec 17, 2002 2:04 pm    Post subject: Reply with quote

ShaolinTiger wrote:

Anyway what does apachectl configtest give?

Will try + post when i get home.

ShaolinTiger wrote:

I think you can put ServerTokens ProductOnly and it will show Apache only not Apache 2.0

See more here:

http://httpd.apache.org/docs-2.0/mod/core.html#servertokens

Cool. 1/2 way towards the objective. What i am aming for is to "disguise" my linux box with fake headers on the services, to confuse the script kiddies. Laughing , so the only way you will know its a linux box is if you take a TCP/IP fingerprint.

J
Back to top
View user's profile Send private message Send e-mail
Jason
Forum Fanatic
Forum Fanatic


Joined: 19 Sep 2002
Posts: 16777215


Offline

PostPosted: Tue Dec 17, 2002 8:17 pm    Post subject: Reply with quote

jasonlambert wrote:
ShaolinTiger wrote:

Anyway what does apachectl configtest give?
Will try + post when i get home.

I dont seem to have the relevant files / packages installed. If you can tell me what you are looking for i can let you know.

jasonlambert wrote:
ShaolinTiger wrote:

I think you can put ServerTokens ProductOnly and it will show Apache only not Apache 2.0

Cheers mate, that works as you said.
Still not Removing / allowing me to specify Server manually...

Crash01X wrote:

kill apache and then start it again by specifing the .conf u want to load with the -f flag
if it doesnt work u are probably doing something else wrong


Definalty starting with the correct conf file. Other Ideas?

Cheers,

J
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register