Hi Recently we had a a security audit, one of the issues stated was that our servers report too much information which hackers can use.
see output from a netcraft site report. OWNER IP OS WebServer OWNER 123.123.123.123 Linux Apache OWNER 123.123.123.123 Linux Apache/2.0.54 Ubuntu PHP/5.0.5-2ubuntu1 mod_ssl/2.0.54 OpenSSL/0.9.7g OWNER 123.123.123.123 Linux Apache/1.3.34 Debian PHP/5.1.2 mod_gzip/1.3.26.1a mod_ssl/2.8.25 OpenSSL/0.9.8a mod_perl/1.29 DAV/1.0.3 OWNER 123.123.123.123 Linux Apache/1.3.33 Debian GNU/Linux PHP/5.0.4 mod_gzip/1.3.26.1a mod_ssl/2.8.22 OpenSSL/0.9.7d mod_perl/1.29 DAV/1.0.3 OWNER 123.123.123.123 Linux Apache/1.3.31 Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.19 OpenSSL/0.9.7d mod_perl/1.29 DAV/1.0.3 OWNER 123.123.123.123 Linux Apache/1.3.29 Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.16 OpenSSL/0.9.7c mod_perl/1.29 DAV/1.0.3 OWNER 123.123.123.123 Linux Apache/1.3.29 Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.16 OpenSSL/0.9.7c DAV/1.0.3 OWNER 123.123.123.123 Linux Apache/1.3.27 Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7b DAV/1.0.3 OWNER 123.123.123.123 Linux Apache/1.3.27 Unix Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7b DAV/1.0.3 OWNER 123.123.123.123 Linux Apache/1.3.27 Unix Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7a DAV/1.0.3 Does anyone know how to configure apache not to give this information out in its http replies. Thanks in advance Darragh
