Anonymous | Login | 2024-12-22 00:12 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000956 | ClearOS | app-web-server - Web Server | public | 2013-01-29 17:40 | 2013-02-26 20:35 | ||||
Reporter | user2 | ||||||||
Assigned To | |||||||||
Priority | normal | Severity | tweak | Reproducibility | N/A | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | |||||||||
Target Version | 6.4.0 Beta 2 | Fixed in Version | |||||||
Summary | 0000956: Disable version information for Apache and PHP | ||||||||
Description | From a forum post... Here are a couple of changes that you can make that might prevent the scanner from doing version detection. You can hide the version information coming from Apache by changing the ServerTokens parameter in /etc/httpd/conf/httpd.conf: ServerTokens Prod Similarly for PHP, the expose_php parameter should be changed in /etc/php.ini: expose_php = Off Restart the web server after making the changes: # service httpd restart A web page request will no longer get presented with version information: | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Relationships | |||||||||||
|
Notes | |
(0000669) user2 2013-02-01 20:30 |
Source Code Changelog --------------------------------------------------- - Changed ServerTokens parameter to prevent version leaked [fixed tracker 0000956] File Changes --------------------------------------------------- Details: http://code.clearfoundation.com/svn/revision.php?repname=ClearOS&rev=5572 [^] U webconfig/apps/web_server/trunk/deploy/install |