How to hide X-Powered-By and Server headers

Apache posted about 1 year ago by christian

First enable the mod_headers module:

    sudo a2enmod headers

Then add this to your apache2.conf:

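    # Hide X-Powered-By and Server headers
    Header always unset "X-Powered-By"
    # Prod reduces the Server header to the bare product name ("Apache")
    ServerTokens Prod
    # Off removes the server version footer from server-generated pages
    ServerSignature Off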

Now restart Apache:

    /etc/init.d/apache2 force-reload

This is security through obscurity at its finest…

Tagged servertokens, server, x-powered-by, mod_rails, passenger, apache, apache2, headers
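To confirm the change took effect, the response headers can be checked after the reload. The function below is an added example, not part of the original snippet; the name `check_headers` and both sample responses (including their version strings) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report response headers that still disclose software details.
# Reads raw HTTP response headers on stdin, prints one finding per line,
# and returns 0 when nothing is disclosed, 1 otherwise.
check_headers() {
  awk '
    { sub(/\r$/, "") }                 # tolerate CRLF line endings
    /^$/ { exit }                      # blank line ends the header block
    {
      colon = index($0, ":")
      if (colon == 0) next             # status line, not a header
      name  = tolower(substr($0, 1, colon - 1))   # header names are case-insensitive
      value = substr($0, colon + 1)
      sub(/^[ \t]+/, "", value)
      if (name == "x-powered-by") {
        print "x-powered-by present: " value; bad = 1
      } else if (name == "server" && value ~ "[0-9(/]") {
        # ServerTokens Prod leaves a bare product name such as "Apache";
        # a slash, digit or parenthesis means version, OS or module detail.
        print "server discloses detail: " value; bad = 1
      }
    }
    END { exit bad }
  '
}

# Constructed sample responses (not captured from a real server).
sample_before() {
  printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (Debian) Phusion_Passenger/2.2.5\r\n'
  printf 'X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.5\r\n'
  printf 'Content-Type: text/html\r\n\r\n<html>Server: not a header</html>\r\n'
}
sample_after() {
  printf 'HTTP/1.1 200 OK\r\nserver: Apache\r\nContent-Type: text/html\r\n\r\n'
}

echo "before:"; sample_before | check_headers || true
echo "after:";  sample_after  | check_headers && echo "nothing disclosed"
```

Against a live server, feed it the output of `curl -sI http://localhost/`.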

How to change the Apache 2 server signature on Debian Etch

Apache posted over 2 years ago by christian

Install mod_security, for some stupid reason it’s not included in Debian Etch, and for some even more stupid reason you’re not allowed to change the value of the Server header.

Anyway, to change the server signature, and enable voodoo magic:

    <IfModule mod_security2.c>
        # Basic configuration options
        SecRuleEngine On
        SecRequestBodyAccess On
        SecResponseBodyAccess Off

        # Handling of file uploads
        # TODO Choose a folder private to Apache.
        # SecUploadDir /opt/apache-frontend/tmp/
        SecUploadKeepFiles Off

        # Debug log
        SecDebugLog /var/log/apache2/modsec_debug.log
        SecDebugLogLevel 0

        # Serial audit log
        SecAuditEngine RelevantOnly
        SecAuditLogRelevantStatus ^5
        SecAuditLogParts ABIFHZ
        SecAuditLogType Serial
        SecAuditLog /var/log/apache2/modsec_audit.log

        # Maximum request body size we will
        # accept for buffering
        SecRequestBodyLimit 131072

        # Store up to 128 KB in memory
        SecRequestBodyInMemoryLimit 131072

        # Buffer response bodies of up to
        # 512 KB in length
        SecResponseBodyLimit 524288

        # Replace the Server header value. ModSecurity overwrites the existing
        # signature in place, so ServerTokens must be set to Full for this to work.
        SecServerSignature "Dummy value"
    </IfModule>

Tagged apache2, signature, server, header, disable

Simple Mongrel HTTP server and custom Mongrel handler example

Ruby posted over 3 years ago by christian

    # http://mongrel.rubyforge.org/rdoc/index.html
    # gem install -y mongrel
    require 'rubygems'
    require 'mongrel'

    # Usage: ruby mongrel_http_server.rb <host> <port> <docroot>
    host    = ARGV[0] || "127.0.0.1"
    port    = ARGV[1] || 80
    docroot = ARGV[2] || "html/"

    # Simple Mongrel handler that prints the current date and time
    class HandlerExample < Mongrel::HttpHandler
      def process(request, response)
        response.start(200) do |head, out|
          head["Content-Type"] = "text/html"
          out.write Time.now
        end
      end
    end

    # Configure Mongrel and handlers
    config = Mongrel::Configurator.new :host => host, :port => port do
      listener do
        uri "/",                :handler => Mongrel::DirHandler.new(docroot)
        uri "/handler_example", :handler => HandlerExample.new, :in_front => true
      end

      # CTRL+C to stop server
      trap("INT") { stop }
      run
    end

    # Start Mongrel
    puts "Mongrel listening on '#{host}:#{port}', serving documents from '#{docroot}'."
    config.join

Tagged mongrel, http, server, handler