Home / server / Questions / 378191
In Process
Cygnus X
Asked: 2012-04-11 09:22:56 +0800 CST

apache2 servertokens

  • 772

I'm running a small apache2 web server, and I'm trying to figure out how to make a customized message for the servertokens, so when somebody does a banner grab, it returns something like "No information for you!". Does anybody know how to do this?

apache-2.2

3 Answers

  1. ServerTokens Prod is essentially that, since "Apache" isn't particularly revealing (and you might as well throw in a ServerSignature Off to hide info on error pages, if you haven't already). Is it insufficient in some way?

    • 2

  2. There is no way to do that without editing source code. See the following blog post for an idea of how to do it

    http://benajnim.com/index.php/security/creating-a-custom-serversignature-in-apache/

    • 1

  3. I am no longer running apache, but when I was I used a module called Mod_security for various things. One thing it could do is allow you to set a custom ServerSignature as you are asking to do here.

    I would hesitate to suggest you install a module to do just that one thing, but since you mention you want to prevent offsite image linking some of the other features mod_security has to offer might be attractive to you.

    I can say that from experience mod_security is, in my opinion, a must-have for most public facing linux webservers running Apache.

    • 1