2008/6/9

[轉貼]如何不讓 apache 洩漏你 server 的資訊?

1. 在 httpd.conf 任意位置加入一行
代碼:
ServerTokens Prod

註:ServerTokens 的參數有 Min[imal], OS, Prod[uctOnly], Full 四種

2. 重新啟動 apache 就可以了


以下是在 httpd.conf 中的設定值,及 Apache 在 header 的回應

ServerTokens Full
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.1.2

ServerTokens OS
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)

ServerTokens Min
Server: Apache/1.3.27

ServerTokens Prod
Server: Apache

所以設定成 ServerTokens Prod 應該是比較好的選擇


參考
http://www.apacheref.com/ref/http_core/ServerTokens.html

Apache Reference: http_core, ServerTokens

ServerTokens
Control Tokens Displayed in HTTP Server Header Field
Syntax: ServerTokens A
Example: ServerTokens min
Since: Apache 1.3

This directive controls whether the HTTP Server response header field, which is sent back to clients, includes a description of the generic operating system type of the server (if type is ``os'') as well as information about compiled-in modules (if type is ``full''). With a type of ``min'', only the server version is included. This setting applies to the entire server, and it cannot be enabled or disabled on a per- virtual-host basis.


建議再加上 ServerSignature Email
或 ServerSignature Off

*ServerSignature On
用法:ServerSignature 選項
(可用的選項有︰On,Off 以及 Email)

ServerSignature 指令用來選擇,當 Apache/2 遇到如錯誤訊息等情形而產生一份
告知使用者目前情形的網頁時,是否要附加上一些提示使用者的資訊。
如果設定為 "Off",就是除了內定告知使用者的資訊以外,不再附加其他資訊。
如果設定為 "On",則表示在該網頁加上 ServerName 指令所指定的伺服器名稱;
如果設定為 "Email",則在該告知網頁上,附加 ServerAdmin 後面所指定的電子郵件位址。

如果有使用 php 的話
建議再修改 php.ini
改 expose_php (預設是 On)
expose_php = Off

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
;expose_php = On

沒有留言:

JPA+complex key+custom Query

  來源: https://www.cnblogs.com/520playboy/p/6512592.html   整個來說,就是有複合主鍵 然後要使用  public interface XxXXxx DAO extends CrudRepository<Tc...