(This article Climate series based on the Apache web)
Outline
Apache version information revealed - given the vulnerability information, leading to a security risk to the site you want to configure Apache production environment, can use Fiddler to hide the version information packet capture analysis tool
Configuring Apache version information hide
1.将主配置文件httpd. conf以下行注释去掉
#Include conf/extra/httpd-default.conf
2.修改httpd-default. conf文件两个地方
3.Server Tokens Full修改为Server Tokens Prod
4.将ServersSignature On修改为ServersSignature Off
5.重启httpd服务,访问网站,抓包测试Examples of presentation
1. Open a Win10 client, using fiddler packet capture tool, Apache version can be the first to know the server's information
2. Modify the main Apache configuration file
[root@localhost bin]# vim /usr/local/httpd/conf/httpd.conf
//编辑主配置文件
496 Include conf/extra/httpd-default.conf
//将文件的第496行前的#号删除,以开启默认功能3. Modify the Apache configuration file extension, and re-start the service
[root@localhost bin]# vim /usr/local/httpd/conf/extra/httpd-default.conf
//编辑扩展配置文件
55 ServerTokens Prod
//将文件第55行尾的Full替换为Prod
65 ServerSignature Off
//将文件第65行尾的on替换为Off
[root@localhost bin]# ./apachectl stop
//停止Apache服务
[root@localhost bin]# ./apachectl start
//开启Apache服务4. refresh the page back to the client, test and re-capture tool, you can see the Apache version information has been hidden from the