pf » ServerTokens Prod, ServerSignature Off
ServerTokens Prod, ServerSignature Off
I tend to forget the syntax every time, but one of the first things I do when I setup an Apache web server is add/edit these two directive in my httpd.conf:
ServerSignature Off ServerTokens Prod
The first one, ServerSignature Off tells apache not to display the server version on error pages, or other pages it generates.
The second one ServerTokens Prod tells apache to only return Apache in the Server header, returned on every page request.
Why do this?
I do this for security reasons. Its not a good idea to broadcast the versions of software your running. While it doesn't make your server any more secure, it may make you less of a target.
add to del.icio.usRelated Entries
- HTTP Request Smuggling (HRS) - June 10, 2005
- Secure Browsing Mode - June 28, 2006
- 20 ways to Secure your Apache Configuration - December 6, 2005
- Free Chapters in Apache Security - June 13, 2005
- Apache mod_rewrite URLs Also Provide Validation - February 17, 2005
- CFSCRIPT Cheatsheet
- 3 New Image Effects for ColdFusion 8
- Googlebot to Submit Web Forms
- ColdFusion 8 Update 1 Fixes some Image Processing Quirks
- 10 Most Useful Image Functions in ColdFusion 8
- Speaking at NYC CFUG This Week
- Adobe AIR Tutorial for HTML / JavaScript Developers
- INFORMATION_SCHEMA Support in MySQL, PostgreSQL
RSS
Pete Freitag is a software engineer, and web developer located in central new york.
Pete's company Foundeo Inc. builds products for web developers and provides consulting services.
In 2003 Pete published the ColdFusion MX Developers Cookbook with SAMs Publishing.
More about Pete.
