屏蔽apache版本等敏感信息

Post Views: 112

修改前，apache的相关信息都被暴露了：

[root@NFS test]# curl -I 555.com

HTTP/1.1 401 Authorization Required

Date: Wed, 01 Apr 2015 06:55:23 GMT

Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips DAV/2 PHP/5.5.23

WWW-Authenticate: Basic realm="teddy's website"

Content-Type: text/html; charset=iso-8859-1

环境：

[root@NFS test]# /application/apache/bin/apachectl -v

Server version: Apache/2.2.29 (Unix)

[root@NFS test]# grep "#Include conf/extra/httpd-default.conf" /application//apache/conf/httpd.conf

#Include conf/extra/httpd-default.conf

[root@NFS test]# sed -i 's#\#Include conf/extra/httpd-default.conf#Include conf/extra/httpd-default.conf#' /application/apache/conf/httpd.conf

[root@NFS test]# grep "Include conf/extra/httpd-default.conf" /application/apache/conf/httpd.conf

Include conf/extra/httpd-default.conf

[root@NFS test]# grep "ServerTokens Full" /application/apache/conf/extra/httpd-default.conf

ServerTokens Full

[root@NFS test]# grep "ServerSignature On" /application/apache/conf/extra/httpd-default.conf

ServerSignature On

[root@NFS test]# sed -i 's#ServerSignature On#ServerSignature Off#g' /application/apache/conf/extra/httpd-default.conf

[root@NFS test]# grep 'ServerSignature Off' /application/apache/conf/extra/httpd-default.conf

ServerSignature Off

[root@NFS test]# sed -i 's#ServerTokens Full#ServerTokens Prod#g' /application/apache/conf/extra/httpd-default.conf

[root@NFS test]# grep 'ServerTokens Prod' /application/apache/conf/extra/httpd-default.conf

ServerTokens Prod

[root@NFS test]# /application/apache/bin/apachectl graceful

看看效果：

[root@NFS test]# curl -I 555.com

HTTP/1.1 401 Authorization Required

Date: Wed, 01 Apr 2015 07:43:45 GMT

Server: Apache

WWW-Authenticate: Basic realm="teddy's website"

Content-Type: text/html; charset=iso-8859-1

屏蔽apache版本等敏感信息