Difference between revisions of "Security"
From Anarchaserver
Line 4: | Line 4: | ||
* Open up /etc/apache2/conf.d/security | * Open up /etc/apache2/conf.d/security | ||
* Current setting is "ServerTokens OS" | * Current setting is "ServerTokens OS". I recommend setting it to "Prod"? | ||
* ServerSignature is On. I recommend turning it Off. | |||
* ServerSignature is On. I recommend turning it | |||
* Restart Apache web server. | * Restart Apache web server. | ||
Revision as of 22:38, 23 September 2015
Bogus http requests
Hackers can send bogus http requests to get the server to generate error pages because the information about the server OS and web server version can be useful to them. The information given out by the server seems not sufficiently reduced. Its not a good idea to broadcast the versions of software your running. While it doesn't make your server any more secure, it may make you less of a target. See http://helpinlinux.com/apache-server-tokens/
- Open up /etc/apache2/conf.d/security
- Current setting is "ServerTokens OS". I recommend setting it to "Prod"?
- ServerSignature is On. I recommend turning it Off.
- Restart Apache web server.