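By default, Apache reports its version number back to the client. You can test this as follows: from the client, use nc to connect to port 80 of the target host running Apache and send an invalid GET request.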
Not Implemented
Method Not Implemented
wget to /
not supported.
Apache Server at freebsd.abc.net Port 80
Connection to host lost.
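The output above shows the Apache version number, which is not good: the less information leaked to a hacker, the better. Can this be changed? Yes, it can.
Edit the Apache configuration file, find the two directives ServerTokens and ServerSignature, and change their default values
as follows: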
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
You can try it yourself.
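One way to check the result after reloading Apache, as an added example that is not part of the original post: a Python function that inspects a raw HTTP response for the two disclosures these directives control, the versioned Server header and the signature footer on server-generated pages. The sample responses, the version string and the host name www.example.test are constructed for illustration.

```python
import re

# A product token followed by a version, e.g. "Apache/2.4.0". ServerTokens Prod
# sends the bare product name "Apache", which does not match.
VERSIONED = re.compile(r"\b[A-Za-z_][\w.-]*/\d[\w.]*")
# Footer that ServerSignature On/EMail appends to server-generated pages.
SIGNATURE = re.compile(r"<address>(.*?Server at .*? Port \d+)</address>", re.I | re.S)

def audit_response(raw: bytes) -> list[str]:
    """Return banner-disclosure findings for one raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    findings = []
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server" and VERSIONED.search(value):
            findings.append(f"Server header exposes version: {value.strip()}")
    match = SIGNATURE.search(body.decode("latin-1"))
    if match:
        findings.append(f"ServerSignature footer present: {match.group(1)}")
    return findings

# Constructed sample: response with both directives left at a verbose setting.
BEFORE = (
    b"HTTP/1.1 501 Not Implemented\r\n"
    b"Server: Apache/2.4.0 (Unix)\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<h1>Method Not Implemented</h1>\n<hr>\n"
    b"<address>Apache/2.4.0 (Unix) Server at www.example.test Port 80</address>\n"
)
# Constructed sample: ServerTokens Prod but ServerSignature still On.
TOKENS_ONLY = (
    b"HTTP/1.1 501 Not Implemented\r\n"
    b"Server: Apache\r\n\r\n"
    b"<h1>Method Not Implemented</h1>\n<hr>\n"
    b"<address>Apache Server at www.example.test Port 80</address>\n"
)
# Constructed sample: ServerTokens Prod and ServerSignature Off.
AFTER = (
    b"HTTP/1.1 501 Not Implemented\r\n"
    b"Server: Apache\r\n\r\n"
    b"<h1>Method Not Implemented</h1>\n"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("tokens only", TOKENS_ONLY), ("after", AFTER)):
        print(label, audit_response(raw) or "no banner disclosure found")
```

An empty list means neither the header nor the footer gives away a version; the middle sample shows that changing only ServerTokens still leaves the footer with the host name on error pages.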


