secure apache webserver

To: debian-user@lists.debian.org
Subject: secure apache webserver
From: "Lucas Albers" <albersl@cs.montana.edu>
Date: Sun, 11 Jan 2004 22:00:16 -0700 (MST)
Message-id: <[🔎] 1281.216.166.133.165.1073883616.squirrel@webtest.cs.montana.edu>
Reply-to: albersl+debianAZF8745@cs.montana.edu

I am exposing another machine as http mirror, and am trying to secure it.
Done with iptables.
configured portsentry to auto-block portscans.

How to block TRACE in apache?
I believe you do it with rewriting rule like such, but does not work.
<IfModule mod_rewrite.c>
#security changes
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</IfModule>

How to restrict ALL product information?
I want to leak no webserver/os information, I've already configured:

ServerTokens ProductOnly

Anyone have a rule to restrict this via mod_rewrite or similar?

-- 
--Luke CS Sysadmin, Montana State University-Bozeman

Reply to:

Prev by Date: Kbear -- Is it broken?
Next by Date: Multi-level locality: what is the practice?
Previous by thread: Kbear -- Is it broken?
Next by thread: Multi-level locality: what is the practice?
Index(es):
- Date
- Thread