translated

This commit is contained in:
geekpi 2017-02-03 10:53:38 +08:00
parent e0508ef952
commit f4f12994f3
2 changed files with 93 additions and 95 deletions

@ -1,95 +0,0 @@
translating---geekpi
How to Hide Apache Version Number and Other Sensitive Info
============================================================
When remote requests are sent to your Apache web server, by default, some valuable information such as the web server version number, server operating system details, installed Apache modules plus more, is sent along in server-generated documents back to the client.
This is a good deal of information for attackers to exploit vulnerabilities and gain access to your web server. To avoid showing Web sever information, we will show in this article how to hide the information of Apache Web Server using particular Apache directives.
**Suggested Read:** [13 Useful Tips to Secure Your Apache Web Server][1]
The two important directives are:
##### ServerSignature
Which permits the adding of a footer line showing server name and version number under server-generated documents such as error messages, mod_proxy ftp directory listings, mod_info output plus many more.
It has three possible values:
1. **On**  which allows the adding of a trailing footer line in server-generated documents,
2. **Off**  disables the footer line and
3. **EMail**  creates a “**mailto:**” reference; which sends a mail to the ServerAdmin of the referenced document.
##### ServerTokens
It determines if the server response header field that is sent back to clients contains a description of the server OS-type and info concerning enabled Apache modules.
This directive has the following possible values (plus sample info sent to clients when the specific value is set):
```
ServerTokens Full (or not specified)
Info sent to clients: Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2
ServerTokens Prod[uctOnly]
Info sent to clients: Server: Apache
ServerTokens Major
Info sent to clients: Server: Apache/2
ServerTokens Minor
Info sent to clients: Server: Apache/2.4
ServerTokens Min[imal]
Info sent to clients: Server: Apache/2.4.2
ServerTokens OS
Info sent to clients: Server: Apache/2.4.2 (Unix)
```
**Note**: After Apache version **2.0.44**, the **ServerTokens** directive also controls the info offered by the **ServerSignature** directive.
**Suggested Read:** [5 Tips to Boost Performance of Apache Web Server][2]
To hide web server version number, server operating system details, installed Apache modules and more, open your Apache web server configuration file using your favorite editor:
```
$ sudo vi /etc/apache2/apache2.conf #Debian/Ubuntu systems
$ sudo vi /etc/httpd/conf/httpd.conf #RHEL/CentOS systems
```
And add/modify/append the lines below:
```
ServerTokens Prod
ServerSignature Off
```
Save the file, exit and restart your Apache web server like so:
```
$ sudo systemctl apache2 restart #SystemD
$ sudo sevice apache2 restart #SysVInit
```
In this article, we explained how to hide the Apache web server version number plus lots more info about your web server using certain Apache directives.
If you are running PHP in your Apache web server, I suggest you to [Hide PHP Version Number][3].
As usual, you can add your thoughts to this guide via the comment section below.
--------------------------------------------------------------------------------
作者简介:
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/hide-apache-web-server-version-information/
作者:[Aaron Kili][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/aaronkili/
[1]:http://www.tecmint.com/apache-security-tips/
[2]:http://www.tecmint.com/apache-performance-tuning/
[3]:http://www.tecmint.com/hide-php-version-http-header/

@ -0,0 +1,93 @@
如何隐藏 Apache 版本号和其他敏感信息
============================================================
当远程请求发送到你的 Apache Web 服务器时,在默认情况下,一些有价值的信息,如 web 服务器版本号、服务器操作系统详细信息、已安装的 Apache 模块等等,这些服务器生成的信息会发送回客户端。
这里包含了攻击者可利用的漏洞并访问 web 服务器的很多信息。为了避免显示 web 服务器信息,我们将在本文中演示如何使用特定的 Apache 指令隐藏 Apache Web 服务器的信息。
**推荐阅读:** [13 个有用的使你的 Apache 服务器安全的贴士][1]
两个重要的指令是:
##### ServerSignature
这允许在服务器生成的文档如错误消息、mod_proxy ftp 目录列表、mod_info 输出等等)下添加一个显示服务器名称和版本号的页脚行。
它有三个可能的值:
1. **On** - 允许在服务器生成的文档中添加尾部页脚行,
2. **Off** - 禁用页脚行
3. **EMail** - 创建一个 “**mailto:**” 引用; 它将邮件发送到所引用文档的 ServerAdmin。
##### ServerTokens
它确定发送回客户端的服务器响应头字段是否包含服务器操作系统类型的描述和有关已启用的 Apache 模块的信息。
此指令具有以下可能的值(以及在设置特定值时发送到客户端的示例信息):
```
ServerTokens Full (或者不指定)
发送给客户端的信息: Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2
ServerTokens Prod[uctOnly]
发送给客户端的信息: Server: Apache
ServerTokens Major
发送给客户端的信息: Server: Apache/2
ServerTokens Minor
发送给客户端的信息: Server: Apache/2.4
ServerTokens Min[imal]
发送给客户端的信息Server: Apache/2.4.2
ServerTokens OS
发送给客户端的信息: Server: Apache/2.4.2 (Unix)
```
**注意**:在 Apache **2.0.44** 之后,**ServerTokens** 同样控制由 **ServerSignature** 指令提供的信息。
**推荐阅读:** [5 个加速 Apache Web 服务器的贴士][2]
为了隐藏 web 服务器版本号、服务器操作系统细节、已安装的 Apache 模块等等,使用你最喜欢的编辑器打开 Apache 配置文件:
```
$ sudo vi /etc/apache2/apache2.conf #Debian/Ubuntu systems
$ sudo vi /etc/httpd/conf/httpd.conf #RHEL/CentOS systems
```
添加/修改/附加下面的行:
```
ServerTokens Prod
ServerSignature Off
```
保存并退出文件,重启你的 Apache 服务器:
```
$ sudo systemctl apache2 restart #SystemD
$ sudo sevice apache2 restart #SysVInit
```
本篇中,我们解释了如何使用特定的 Apache 指令隐藏Apache web 服务器版本号及其他信息。
如果你在 Apache 中运行 PHP我建议你[隐藏 PHP 版本号][3]。
如往常一样,你可以在评论栏中写下你的想法。
--------------------------------------------------------------------------------
作者简介:
Aaron Kili 是 Linux 和 F.O.S.S 爱好者,将来的 Linux SysAdmin 及 web 开发者,目前是 TecMint 的内容创作者,他喜欢用电脑工作,并坚信分享知识。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/hide-apache-web-server-version-information/
作者:[Aaron Kili][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/aaronkili/
[1]:http://www.tecmint.com/apache-security-tips/
[2]:http://www.tecmint.com/apache-performance-tuning/
[3]:http://www.tecmint.com/hide-php-version-http-header/
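
Review bot: the two restart commands in the added file are carried over from the source with their defects, and both fail as written, so a reader following the translation never loads the new `ServerTokens Prod` / `ServerSignature Off` settings. `sudo systemctl apache2 restart` has the verb and the unit swapped (systemctl expects `restart apache2`), and `sudo sevice apache2 restart` misspells `service`. Correct both in the translation, with a translator's note marking the departure from the original if the project wants one. Since the edit step lists `/etc/httpd/conf/httpd.conf` for RHEL/CentOS, also say that the service there is `httpd`, not `apache2`. Smaller points in the same hunk: the ServerSignature sentence has a closing `)` with no opening one, the sample line under `ServerTokens Min[imal]` drops the colon after 信息 that the other five sample lines have, and `如果你在 Apache 中运行 PHP我建议你` is missing the comma after PHP.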