笔记:ubuntu 12.04 apche2.22与ServerTokens、ServerSignature

  《Ubuntu Server 最佳方案》(冷罡华著)介绍Apache安全一节中,讲到隐藏敏感信息。使用telnet 访问服务器的80端口,然后给出命令"HEAD / HTTP/1.0"并按两次回车,就能显示服务器的操作系统名称,PHP,APACHE的版本号,给系统安全带来隐患。


$ telnet localhost 80

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

HEAD / HTTP/1.0


HTTP/1.1 200 OK

Date: Mon, 03 Nov 2008 01:37:59 GMT

Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.3with Suhosin-Patch

Last-Modified: Mon, 03 Nov 2008 00:46:59 GMT

ETag: "34943-2d-45abe48d446c0"

Accept-Ranges: bytes

Content-Length: 45

Connection: close

Content-Type: text/html

Connection closed by foreign host.


本书的解决方法因为apache版不同,无法通过编辑apache2.conf起作用,而是编辑/etc/apache2/conf.d/security文件,我的使用的是apache2.22,修改成:


ServerTokens Prod

ServerSignature Off



你可能感兴趣的:(apache,ubuntu,ServerTokens,ServerSignature)