HTTP server headers in Apache(Linux)

Networking/Security Forums -> UNIX // GNU/Linux

Author: Jason PostPosted: Tue Dec 17, 2002 10:17 am    Post subject: HTTP server headers in Apache(Linux)
    ----
Hi,

I have a RH 8.0 system running apache 2.0, Both are fully pactched.

What i would like to do is modify the server header in port 80 GET requests. ie, a socket is opened to 80, and request is made:

Quote:
GET / HTTP/1.0


Response that I would like to change is similar to:
Quote:
Server: Apache 2.0(Linux)??? (or what ever, cant remember at the mo.)


I have found this on the apache site:
http://httpd.apache.org/docs-2.0/mod/mod_headers.html but as i am not very familar with it, i find it hard to understand.

I have tried putting this command in httpd.conf, and restarting the service, but the original header remains:

Quote:
Header add Server "IIS 5.0"


Where am i going wrong?
Any help much appriciated.

J


Last edited by Jason on Tue Dec 17, 2002 8:06 pm; edited 1 time in total

Author: Crash01XLocation: Jedi Palace PostPosted: Tue Dec 17, 2002 1:05 pm    Post subject:
    ----
kill apache and then start it again by specifing the .conf u want to load with the -f flag

if it doesnt work u are probably doing something else wrong

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Tue Dec 17, 2002 1:23 pm    Post subject:
    ----
Why not use 1.3.x it's so much easier LOL

Anyway what does apachectl configtest give?

I think you can put ServerTokens ProductOnly and it will show Apache only not Apache 2.0

See more here:

http://httpd.apache.org/docs-2.0/mod/core.html#servertokens

Author: Jason PostPosted: Tue Dec 17, 2002 2:04 pm    Post subject:
    ----
ShaolinTiger wrote:

Anyway what does apachectl configtest give?

Will try + post when i get home.

ShaolinTiger wrote:

I think you can put ServerTokens ProductOnly and it will show Apache only not Apache 2.0

See more here:

http://httpd.apache.org/docs-2.0/mod/core.html#servertokens

Cool. 1/2 way towards the objective. What i am aming for is to "disguise" my linux box with fake headers on the services, to confuse the script kiddies. Laughing , so the only way you will know its a linux box is if you take a TCP/IP fingerprint.

J

Author: Jason PostPosted: Tue Dec 17, 2002 8:17 pm    Post subject:
    ----
jasonlambert wrote:
ShaolinTiger wrote:

Anyway what does apachectl configtest give?
Will try + post when i get home.

I dont seem to have the relevant files / packages installed. If you can tell me what you are looking for i can let you know.

jasonlambert wrote:
ShaolinTiger wrote:

I think you can put ServerTokens ProductOnly and it will show Apache only not Apache 2.0

Cheers mate, that works as you said.
Still not Removing / allowing me to specify Server manually...

Crash01X wrote:

kill apache and then start it again by specifing the .conf u want to load with the -f flag
if it doesnt work u are probably doing something else wrong


Definalty starting with the correct conf file. Other Ideas?

Cheers,

J



Networking/Security Forums -> UNIX // GNU/Linux


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group