Anonymous | Login | 2024-11-21 07:49 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000967 | ClearOS | app-php - PHP | public | 2013-02-01 20:29 | 2013-04-26 19:44 | ||||
Reporter | user2 | ||||||||
Assigned To | |||||||||
Priority | normal | Severity | tweak | Reproducibility | N/A | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | |||||||||
Target Version | Fixed in Version | ||||||||
Summary | 0000967: Disable version information for Apache and PHP | ||||||||
Description | From a forum post... Here are a couple of changes that you can make that might prevent the scanner from doing version detection. You can hide the version information coming from Apache by changing the ServerTokens parameter in /etc/httpd/conf/httpd.conf: ServerTokens Prod Similarly for PHP, the expose_php parameter should be changed in /etc/php.ini: expose_php = Off Restart the web server after making the changes: # service httpd restart A web page request will no longer get presented with version information: | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Relationships | ||||||
|
Notes | |
(0000670) user2 2013-02-01 20:41 |
Source Code Changelog --------------------------------------------------- - Disabled expose_php to prevent version information leak [fixed tracker 0000967] File Changes --------------------------------------------------- Details: http://code.clearfoundation.com/svn/revision.php?repname=ClearOS&rev=5573 [^] U webconfig/apps/php/trunk/deploy/info.php A webconfig/apps/php/trunk/deploy/install U webconfig/apps/php/trunk/packaging/app-php.spec |