Azitech

Azimout's Linux weblog

Hiding the Apache and PHP signature


A friend introduced me today to this cute little tool written in Ruby called whatweb, which “identifies websites”. It can also be useful for auditing the security of your website, so I tried it on mine.

This is what I got at first:

http://azimout.dyndns.org [200] Frame, HTTPServer[Ubuntu Linux][Apache/2.2.17 (Ubuntu)], Google-Analytics[UA-989528-2], Apache[2.2.17], IP[88.149.139.218], PHP[5.3.5-1ubuntu7.2], X-Powered-By[PHP/5.3.5-1ubuntu7.2], Title[Dimitrios Symeonidis, a.k.a. azimout], Country[ITALY][IT]

So it’s leaking the OS name, the Apache version and the PHP version to the world. A bit of googling and I found how to hide this info:

  • To make Apache stop sending its version and the OS name, add this line to /etc/apache2/apache2.conf: ServerTokens ProductOnly
  • To make PHP stop sending its version, change this value in /etc/php5/apache2/php.ini: expose_php = Off

Don’t forget to restart Apache: sudo service apache2 restart

Now the output of whatweb is:

http://azimout.dyndns.org [200] Frame, HTTPServer[Apache], Google-Analytics[UA-989528-2], Apache, IP[88.149.139.218], Title[Dimitrios Symeonidis, a.k.a. azimout], Country[ITALY][IT]
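The same before/after check can be scripted against the raw response headers instead of reading whatweb output by eye. This is an added example, not part of the original post; the function name `audit_headers` and the two sample responses are constructed here, modelled on the whatweb output above.

```python
import re
from email.parser import Parser

# A dotted version number (e.g. 2.2.17) and a parenthesised platform comment, e.g. (Ubuntu).
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
COMMENT_RE = re.compile(r"\(([^)]*)\)")


def audit_headers(raw_headers):
    """Return (header, finding) tuples for version or OS disclosure in a response."""
    # Drop the status line, then parse the remainder as "Name: value" headers.
    _, _, header_block = raw_headers.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []

    # With ServerTokens ProductOnly the Server header is just the product name.
    server = headers.get("Server", "")
    version = VERSION_RE.search(server)
    if version:
        findings.append(("Server", "version " + version.group()))
    platform = COMMENT_RE.search(server)
    if platform:
        findings.append(("Server", "platform " + platform.group(1)))

    # expose_php = Off removes this header entirely, so its presence is the finding.
    powered_by = headers.get("X-Powered-By")
    if powered_by is not None:
        findings.append(("X-Powered-By", powered_by))
    return findings


# Constructed sample responses: before and after the two configuration changes.
BEFORE = (
    "HTTP/1.1 200 OK\n"
    "Server: Apache/2.2.17 (Ubuntu)\n"
    "X-Powered-By: PHP/5.3.5-1ubuntu7.2\n"
    "Content-Type: text/html\n\n"
)
AFTER = (
    "HTTP/1.1 200 OK\n"
    "Server: Apache\n"
    "Content-Type: text/html\n\n"
)

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(sample) or "no version disclosure")
```

To run it against your own server, pass in the header block printed by `curl -sI` for your site.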


Written by azimout

18/07/2011 at 17:12

Posted in Tricks

One Response


  1. A much more advanced tool to assess the security of your webserver is nikto: http://cirt.net/nikto2

    azimout

    25/08/2011 at 14:32

