RE: [Securityfocus-webapp] RE: Removing Apache Banner on IBM WebsphereHTTP Server (Apache) for Windows

What Thiago says,

If you really want to get rid of the Apache part,
have a look in the httpd.h file in the apache source.
You can change it there,

Note that it can break things like mod_ssl if you change
the file.

Cheers

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

mrtg.grunn.org Dutch mirror of MRTG

-----Oorspronkelijk bericht-----
Van: securityfocus-web-app-security-bounces@xxxxxxxxxxxxxxxxxx
[mailto:securityfocus-web-app-security-bounces@xxxxxxxxxxxxxxxxxx]Namens
Thiago Lima
Verzonden: vrijdag 20 februari 2004 16:26
Aan: 'Thomas Chiverton'; 'Steffen Furholm / CABO Communications A/S'
CC: 'Jason binger'; webappsec@xxxxxxxxxxxxxxxxx
Onderwerp: [Securityfocus-webapp] RE: Removing Apache Banner on IBM
WebsphereHTTP Server (Apache) for Windows



        With this directive you can't remove the "Apache" word.

        All you can do is remove the built-in modules and apache version
from been show.

        You'll allways have a "Server: Apache" header.

        I belive that apache does that to keep beating IIS in the "most used
http server" benchmarks.

        But you can allways hack the code.

[]s

> It's (unfortunately) not possible to change the server signature in
>> httpd.conf. With Apache 1.3 I would recommend changing it with
>
>It is possible to change the server signature in Apache 1.3.
>http://httpd.apache.org/docs/mod/core.html#servertokens :
>"ServerTokens directive
>...
>This directive controls whether Server response header field
>which is sent back to clients includes a description of the
>generic OS-type of the server as well as information about
>compiled-in modules"

_______________________________________________
Securityfocus-web-app-security mailing list
Securityfocus-web-app-security@xxxxxxxxxxxxxxxxxx
http://lists.elvandar.org/mailman/listinfo/securityfocus-web-app-security