0000956: Disable version information for Apache and PHP

ClearFoundation Tracker - ClearOS

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0000956

ClearOS

app-web-server - Web Server

public

2013-01-29 17:40

2013-02-26 20:35

Reporter

user2

Assigned To

Priority

normal

Severity

tweak

Reproducibility

N/A

Status

closed

Resolution

fixed

Platform

OS Version

Product Version

Target Version

6.4.0 Beta 2

Fixed in Version

Summary

0000956: Disable version information for Apache and PHP

Description

From a forum post...

Here are a couple of changes that you can make that might prevent the scanner from doing version detection. You can hide the version information coming from Apache by changing the ServerTokens parameter in /etc/httpd/conf/httpd.conf:

ServerTokens Prod

Similarly for PHP, the expose_php parameter should be changed in /etc/php.ini:

expose_php = Off

Restart the web server after making the changes:

# service httpd restart

A web page request will no longer get presented with version information:

Steps To Reproduce

Additional Information

Tags

No tags attached.

Relationships

related to	0000967	closed		Disable version information for Apache and PHP
related to	0000826	closed	bchambers	Restore configuration backup fails with invalid file type

Attached Files

Issue History

Date Modified

Username

Field

Change

2013-01-29 17:40

user2

New Issue

2013-01-29 17:43

user2

Status

new => confirmed

2013-02-01 20:29

user2

Issue cloned: 0000967

2013-02-01 20:29

user2

Relationship added

related to 0000967

2013-02-01 20:30

user2

Checkin

2013-02-01 20:30

user2

Note Added: 0000669

2013-02-01 20:30

user2

Status

confirmed => resolved

2013-02-01 20:30

user2

Resolution

open => fixed

2013-02-05 17:25

user2

Relationship added

related to 0000826

2013-02-26 20:35

user2

Status

resolved => closed

Notes