1. 在 httpd.conf 任意位置加入一行
代碼:
ServerTokens Prod
註:ServerTokens 的參數有 Min[imal], OS, Prod[uctOnly], Full 四種
2. 重新啟動 apache 就可以了
以下是在 httpd.conf 中的設定值,及 Apache 在 header 的回應
ServerTokens Full
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.1.2
ServerTokens OS
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)
ServerTokens Min
Server: Apache/1.3.27
ServerTokens Prod
Server: Apache
所以設定成 ServerTokens Prod 應該是比較好的選擇
參考
http://www.apacheref.com/ref/http_core/ServerTokens.html
Apache Reference: http_core, ServerTokens
ServerTokens
Control Tokens Displayed in HTTP Server Header Field
Syntax: ServerTokens A
Example: ServerTokens min
Since: Apache 1.3
This directive controls whether the HTTP Server response header field, which is sent back to clients, includes a description of the generic operating system type of the server (if type is ``os'') as well as information about compiled-in modules (if type is ``full''). With a type of ``min'', only the server version is included. This setting applies to the entire server, and it cannot be enabled or disabled on a per- virtual-host basis.
建議再加上 ServerSignature Email
或 ServerSignature Off
*ServerSignature On
用法:ServerSignature 選項
(可用的選項有︰On,Off 以及 Email)
ServerSignature 指令用來選擇,當 Apache/2 遇到如錯誤訊息等情形而產生一份
告知使用者目前情形的網頁時,是否要附加上一些提示使用者的資訊。
如果設定為 "Off",就是除了內定告知使用者的資訊以外,不再附加其他資訊。
如果設定為 "On",則表示在該網頁加上 ServerName 指令所指定的伺服器名稱;
如果設定為 "Email",則在該告知網頁上,附加 ServerAdmin 後面所指定的電子郵件位址。
如果有使用 php 的話
建議再修改 php.ini
改 expose_php (預設是 On)
expose_php = Off
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
;expose_php = On
|
