[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache in testing - ServerTokens Prod

 Ansgar> These settings are set in /etc/apache2/conf.d/security. Changing it
 Ansgar> there works here. (If you set them in apache2.conf, I suppose you
 Ansgar> would have to set them after the include directive for conf.d.)

Right ... that stuff lives in /etc/apache2/conf.d/security since Lenny
now. I simply did not know -- it was in /etc/apache2/apache2.conf

Below are my settings which, after restarting Apache, should make Apache
a lot less verbose:

,----[ changes applied to a pristine Apache installation ]
| wks-ve10:/etc/apache2# grep -v \# conf.d/security | grep .
| ServerTokens Prod
| ServerSignature Off
| TraceEnable Off
| wks-ve10:/etc/apache2# grep conf.d apache2.conf
| Include /etc/apache2/conf.d/
| wks-ve10:/etc/apache2# dpkg -l apache2-mp* | grep ii
| ii  apache2-mpm-worker              2.2.11-5              Apache HTTP Server - high speed threaded mod
| wks-ve10:/etc/apache2# lsb_release -ric
| Distributor ID: Debian
| Release:        testing
| Codename:       squeeze
| wks-ve10:/etc/apache2#

As the box topic implies, I did not do anything else -- I just installed
apache2-mpm-worker and then made the changes as it can be seen above and
restarted. Now, if I try to visit a site that actually does not exist, I
should get the less verbose information because of ServerSignature Off
and ServerTokens Prod. Well, I should but nothing changes here. What am
I missing?

You did exactly the same things I as shown above yes?

Attachment: pgpav3I66mQRx.pgp
Description: PGP signature

Reply to: