Apache token for securing your web server

Apache token is generally found in apache main configuration file httpd.conf if it is not present never mind, you can simply add it “eg:ServerTokens Prod”

Syntax for ServerTokens

The five options will differ from each other. I will explain them one by one.

ServerTokens Full
=============
When the above option is set, the server will send the full information to the remote host.
Information sent will be
Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
which is a big security hole and it is not recommended, because hackers can look for the security holes in Apache 2.0.41, PHP4.2.2 and unix operating systems and can easily hack the server.

ServerTokens OS
============
When the above option is set, the server will send the Web server version and the operating system version.
Information sent will be
Server: Apache/2.0.41 (Unix)
This is also an security issue as the remote user will try to hack the server with security holes in the webserver version and operating system.

ServerTokens Min
============
When the above option is set, the server will send the Web server’s full version number like Apache2.0.41
Information sent will be
Server: Apache/2.0.41

This is also an security issue as the remote user will try to hack the server with security holes in Apache2.0.41 versions.

ServerTokens Minor
==============
When the above option is set, the server will send the Web server’s minor version number like Apache version2.0
Information sent will be
Server: Apache/2.0
This is also an security issue as the remote user will try to hack the server with security holes in Apache 2.0 versions.

ServerTokens Major
==============
When the above option is set, the server will send the Web server’s minor version number like Apache version2
Information sent will be
Server: Apache/2
This is also an security issue as the remote user will try to hack the server with security holes in Apache 2 version.

ServerTokens Prod
=============
When the above option is set, the server will send the Web server’s name alone, which is recommended as the hacker will not have a clue of which version of Apache is running in the server and also which operating system is used.
Information sent will be
===================================================================

0 Bu dökümanı faydalı bulan kullanıcılar:

Diğer Dökümanlar

How to Redirect HTTP traffic to another IP using iptables
How to Redirect HTTP traffic to another IP using iptables I want to redirect all traffic coming to the old server’s http port(during the TTL change period) to the webserver running in new...
Name or service not known: mod_unique_id: unable to find IPv4 address
Name or service not known: mod_unique_id: unable to find IPv4 address [Thu Jan 02 05:29:41 2014] [alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of...
(98)Address already in use: make_sock: could not bind to address
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs Check the Apache process root@ [~]# ps aux | grep...
mod_fcgid: can’t apply process slot for /usr/local/cpanel/cgi-sys/php5
Today I have faced an error while accessing the domain, also the response is too slow. [Thu Aug 22 13:05:06 2013] [warn] [client 200.150.249.63] mod_fcgid: can’t apply process slot for...
Apache error “Error retrieving pid file logs/httpd.pid”
Unable to start Apache service on cPanel server. If you are getting the following error while trying to restart the Apache service. =====================> -bash-3.2# /etc/init.d/httpd start...