Results 1 to 3 of 3
Thread: Web Servers
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Apr 2013
The curl -I command (capital i) is a convenient way to do that. Add the -s switch to avoid noise.
curl -sI www.linuxforums.org | grep Server Server: Apache/2.2.3 (Red Hat) PHP/5.3.6 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 curl -sI www.ibm.com | grep Server Server: IBM_HTTP_Server curl -sI www.freebsd.org | grep Server Server: httpd/1.4.x LaHonda curl -sI www.microsoft.com | grep Server Server: Microsoft-IIS/8.0
I think it's probably best to hide this kind of information from anyone who could use it against you. Why advertise the fact that you're running a particular variant of web server that you average cracker is going to know the vulnerabilities for.
You can hide this info by setting ServerTokens to Prod and ServerSignature to Off in your Apache config, and setting expose_php = off in your php.ini file.
People who are using your website don't even need this information. If someone has a legitimate purpose, then they can ask politely.Linux user #126863 - see http://linuxcounter.net/