Disguise Apache to prevent Web Server intrusion

Source: Internet
Author: User
Tags gz file

I used to write a blog post about how to disguise nginx versions to prevent web Server intrusion. After that, a friend asked me if apache has the same method. The answer is yes. Write this article today to answer this question.

Learn more: disguise Nginx version to prevent Web Server intrusion

Download the apachesource code. I use 2.2.256. decompress the tarxzvfhttpd-2.2.25.tar.gz file.

Vim httpd-2.2.25/include/ap_release.h, modified to the following content

This is a headerfile with the apache version number.

The rest is the compilation and installation, the simplest Parameter

./Configure -- prefix =/usr/local/apache & make install

Modify the configuration file/usr/local/apache/conf/httpd. conf and add the following content:

Start apache

/Usr/local/apache/bin/apachectl start

Access any nonexistent page

We can see that the banner version of the web server is Microsoft's IIS7.0, rather than apache2.2.25.

Not yet, because experienced hackers still see the style of the 404 page, which is obviously not the IIS style. Of course, you can choose to modify/usr/local/apache/conf/httpd again. conf file

In the preceding example, the banner version is completely hidden and not displayed.

Of course, these will make experienced hackers recognize that this is the default 404 page of apache, so do it yourself, the best way is to copy IIS7.0's default 404 html code as the apache server's 404 page.

Then modify the/usr/local/apache/conf/httpd. conf file.

Finally, let's look at the effect and try again.

Haha, it's totally disguised as Microsoft 403. Don't forget to modify the and other pages together.

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.