Apache
Hiding Apache and PHP version numbers
by Webantix on Mar.19, 2010, under Apache, Linux, Security
After running a number of tests on my own server I kept on seeing that by default Apache leaks a lot of information. Maybe not the most extreme threat, but still giving a little too much away for my liking.
The three main leaks are:
- Apache version on errors
  (Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 Server at 10.0.0.1 Port 80)
- Apache advertising itself in the headers
  (Server - Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.12 OpenSSL/0.9.8e-fips-rhel5)
- PHP advertising itself in the headers
  (X-Powered-By - PHP/5.2.6-2ubuntu4.6)
Below is how to turn these settings off to keep your footprint to a minimum.
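To confirm on your own server that the three leaks are closed, here is an added example (not code from the original post) that audits one HTTP response and names the setting responsible for each leak. The function name, the finding labels and the "after" sample are assumptions made for this example; `ServerTokens Prod`, `ServerSignature Off` and `expose_php = Off` are the standard Apache and PHP settings for these leaks, not quoted from the post.

```python
import re

# A product token that carries a version, e.g. "Apache/2.2.8" or "DAV/2".
VERSIONED = re.compile(r"[A-Za-z][\w.-]*/\d")
# Footer line Apache appends to the error pages it generates.
SIGNATURE = re.compile(r"[^<>\n]*Server at \S+ Port \d+")

def audit(headers, error_body=""):
    """Return (leak, evidence, fix) tuples for one response from your server."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    server = h.get("server", "")
    if VERSIONED.search(server):
        # httpd.conf / apache2.conf: reduce the Server header to "Apache".
        findings.append(("server-header", server, "ServerTokens Prod"))
    powered = h.get("x-powered-by", "")
    if "php" in powered.lower():
        # php.ini: stop PHP from adding its own header.
        findings.append(("x-powered-by", powered, "expose_php = Off"))
    m = SIGNATURE.search(error_body)
    if m:
        # httpd.conf / apache2.conf: drop the footer from error pages.
        findings.append(("error-signature", m.group(0).strip(), "ServerSignature Off"))
    return findings

# "Before" samples reuse the strings quoted in the post.
BEFORE_HEADERS = {
    "Server": "Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.12 OpenSSL/0.9.8e-fips-rhel5",
    "X-Powered-By": "PHP/5.2.6-2ubuntu4.6",
}
BEFORE_ERROR = ("<h1>Not Found</h1>\n<address>Apache/2.2.8 (Ubuntu) "
                "PHP/5.2.4-2ubuntu5.10 Server at 10.0.0.1 Port 80</address>")
# "After" samples are constructed: what the same server returns once hardened.
AFTER_HEADERS = {"Server": "Apache", "Content-Type": "text/html"}
AFTER_ERROR = "<h1>Not Found</h1>\n<p>The requested URL was not found.</p>"

if __name__ == "__main__":
    for label, hdrs, body in (("before", BEFORE_HEADERS, BEFORE_ERROR),
                              ("after", AFTER_HEADERS, AFTER_ERROR)):
        results = audit(hdrs, body)
        print(label, "->", "clean" if not results else "")
        for leak, evidence, fix in results:
            print(f"  {leak}: {evidence!r}  (set {fix})")
```

Apache must be restarted or reloaded after changing the directives before the audit will show a difference.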



