#apache - Tue 13 Mar 2007 between 11:55 and 12:10


<mutante_> lehox: ServerSignature Off in the config, but afaik you can't make "Apache" disappear, only the extended version info
<jMCg> mutante_: that's not quite true.
<mutante_> ah? interesting
<jMCg> mutante_: he'll still have PHP bragging about, if he's got that config b0rked :P
<lehox> i just wanted to replace the "Apache/1.3.37 Server at xxxyyyzzz.xyz Port 80" by my own text
<jMCg> lehox: this is not 'banner'
<niq> servertokens is also the first section of http://www.apachetutor.org/security/information-leak
<fajita> Couldn't get a useful value from http://is also the first section of http://www.apachetutor.org/security/information-leak/
<niq> useless bot
<fajita> speak for yourself
<lehox> so what do i have to do?
<niq> and she's even added a bogus trailing slash. That's broken in spades
<lehox> in what file in the sources is the "sig"?
<mutante_> "If you're super paranoid you could change this to something other than "Apache" by editing the source code, or by using mod_security"
<jMCg> mod_pony!
:-/
<fajita> mod_pony is still number 20 in my presentation, and I really need to get in touch with Matt
<jMCg> I want a pony
<fajita> http://i-want-a-pony.com/
<lehox> i need a manual#
:P
useless b0t
i looked for the signature in server.c and i have found nothing
<jMCg> mod_security
<fajita> mod_security is http://www.modsecurity.org/documentation/index.html
<_hp_> i get a 403 every time i try to open a userdir through localhost/~server. i've checked the permissions and they all seem to be in order, any ideas?
weird, if i don't do localhost it works fine
<ScottMac> lehox, it's in ap_release.h
<lehox> thanks!
<fajita> No worries
<ScottMac> well you can set the server name, you'd still need to use ServerTokens
<lehox> thank you very much ScottMac
<ScottMac> np, though security through obscurity isn't really a solid reason to hack up source code ;)
every time you upgrade you'll need to remember to apply the patch
<lehox> hm. i have apache 1.3.37 and there isn't any ap_release.h in /src or /src/include
<ScottMac> oh no idea :)
i assumed you were using 2.0+
<DrBacchus> That's correct. In 1.3.37 it's in a different file.
<PlasmaHH> hm, what else does one need to have a simple executable being executed when accessed beside setting option ExecCGI and making it executable?
<lehox> @DrBacchus: can you tell me what file it is in 1.3.37?
