[Cialug] Disclosing Apache and PHP version numbers
Eric Junker
eric at eric.nu
Wed Apr 1 21:40:49 CDT 2009
Is there any reason not to set:
ServerSignature Off
ServerTokens Prod
to prevent Apache from disclosing version information?
And also setting expose_php = 'off' to prevent PHP from sending the
X-Powered-By header.
Is there any purpose to these headers and why aren't they turned off by
default? By themselves they do not pose a security risk, but they could
help an attacker to know if you are running a vulnerable version.
Eric
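
One way to confirm that the three settings asked about above took effect, as an added example that is not part of the original post: it audits a raw HTTP response for the Server header detail, the X-Powered-By header, and the server-generated page footer. The function name, the sample responses and the version strings in them are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from a real server).
DEFAULT_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.2.11 (Unix) PHP/5.2.9\r\n"
    "X-Powered-By: PHP/5.2.9\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><h1>Not Found</h1><hr>\n"
    "<address>Apache/2.2.11 (Unix) PHP/5.2.9 Server at www.example.com Port 80</address>\n"
    "</body></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><h1>Not Found</h1></body></html>"
)

VERSION = re.compile(r"/\d+(\.\d+)*")          # e.g. "/2.2.11" after a product name
SIGNATURE = re.compile(r"<address>([^<]*Server at [^<]* Port \d+)</address>", re.I)

def audit_response(raw):
    """Return a list of disclosure findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    server = headers.get("server", "")
    if VERSION.search(server) or "(" in server:   # version, OS or module tokens
        findings.append("ServerTokens: Server header shows detail: " + server)
    if "x-powered-by" in headers:
        findings.append("expose_php: X-Powered-By sent: " + headers["x-powered-by"])
    footer = SIGNATURE.search(body)
    if footer:                                    # footer on server-generated pages
        findings.append("ServerSignature: page footer: " + footer.group(1).strip())
    return findings

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw) or "no disclosure found")
```

An error page is used as the sample because the ServerSignature footer only appears on pages the server generates itself, so a check against a normal page would miss it.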