Why should I block a version?
Prevent others from malicious scanning known version of the vulnerability, thereby exploiting the vulnerability of XXX, causing unnecessary losses.
First, the source file screen version
1. Modify the source file
[Email protected] httpd-2.4.20]# vim include/ap_release.h
Modify the following content:
#define Ap_server_basevendor "Apache software Foundation"
#define Ap_server_baseproject "Apachehttp SERVER"
#define AP_SERVER_BASEPRODUCT "Apache"
#define Ap_server_majorversion_number 2
#define Ap_server_minorversion_number 2
#define Ap_server_patchlevel_number 25
#define Ap_server_devbuild_boolean 0
Switch
#define Ap_server_basevendor "Kry" #服务器供应商名称
#define Ap_server_baseproject "Web SERVER" #服务的项目名称
#define AP_SERVER_BASEPRODUCT "Kry Web SERVER" #服务的产品名称
#define Ap_server_majorversion_number 8 #主板本号
#define Ap_server_minorversion_number 8 #小版本号
#define Ap_server_patchlevel_number 8 #补丁版本号
#define Ap_server_devbuild_boolean 0
2. Test results
[Email protected] httpd-2.4.20]# curl-i 192.168.0.146
http/1.1 OK
Date:tue, 16:05:28 GMT
Server:kry Web server/8.8.8 (Unix)
3. Note
Not all programs used in conjunction with Apache, such as SVN (subversion), need to detect the Apache version during installation, if an unrecognized version will fail to install, so not all are suitable for the source Shield version number.
Second, modify the configuration file to completely block
[Email protected] ~]# vim/usr/local/apache-2.4.20/conf/extra/httpd-default.conf
Modify the following content:
Servertokens full
Serversignature OFF
Switch
Servertokens Prod #不显示服务器操作系统类型
Serversignature on #不显示web服务器版本号
-
More articles please pay attention to the public number
Apache Version number masking