Thanks for your help Dave...!!
Sukhjeet
-Original Message-
From: Dave Floyd [mailto:dave.fl...@pa.press.net]
Sent: Wednesday, June 10, 2009 6:58 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] Fixing HTTP Service / Server Version Detected
>I need to fix this Vulnerability, So c
erver", is an Apache httpd server
- if I am wrong, and it /is/ an Apache httpd server, then you have
already been given the response, a couple of times
Singh, Sukhjeet wrote:
> Andre,
>
> I appreciate your concern but I'd like to let you know that enabling or
> disab
o:a...@ice-sa.com]
Sent: Wednesday, June 10, 2009 6:25 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] Fixing HTTP Service / Server Version Detected
Singh, Sukhjeet wrote:
(lot
Covener writes:
> On Wed, Jun 10, 2009 at 7:53 AM, Singh, Sukhjeet
> wrote:
>> The server allows capture of the HTTP service banner. Service banners can
>> contain sensitive information, such as application and Operating System (OS)
>> version numbers. An attacker can use
Eric,
I agree with you, but as we can fix the custom 404 or 403 errors via
ErrorDocument, isn't there any way to fix this banner, as whenever the 403
Forbidden message is generated it should be replaced with a 404 message?
I even tried blocking the mod_ProxyVia but it also didn't help.
Sukhjeet
Eric,
Basically the thing is my security guy is saying that if I am anyhow able to
fix the 404 error in lieu of the 403 Forbidden error then it'll fix the
vulnerability.
I mean instead of HTTP/1.1 403 I should get HTTP/1.1 404 when anyone tries, even
from telnet or with any scanner.
Sukhjeet
Eric,
I think you are right cuz the rewrite rule which I'm using and also the
ErrorDocument which I'm using are using the path of the files and not the exact
URL.
But while I'm able to fix the custom 403 and 404 pages, I'm not too sure why
the scanner is still detecting this vulnerability.
Su
I need to fix this vulnerability, so can someone please check the
vulnerability and let me know the best way to fix the HTTP Service /
Server Version.
The server allows capture of the HTTP service banner. Service banners
can contain sensitive information, such as application and Operating
Syst